CVE-2024-32651

CRITICAL NUCLEI

changedetection.io <=0.45.20 - Remote Command Execution via Jinja2 SSTI

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2024-32651. PoCs published by s0ck3t-s3c, zcrosman, Eggzy. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a functional Python exploit for CVE-2024-32651, targeting a Server-Side Template Injection (SSTI) vulnerability in changedetection.io <= 0.45.20. The exploit automates the process of obtaining a CSRF token, submitting a crafted form, and delivering a payload that triggers a reverse shell via SSTI.

Description

changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. There is a Server Side Template Injection (SSTI) in Jinja2 that allows Remote Command Execution on the server host. Attackers can run any system command without any restriction and they could use a reverse shell. The impact is critical as the attacker can completely takeover the server machine. This can be reduced if changedetection is behind a login page, but this isn't required by the application (not by default and not enforced).

Exploits (5)

nomisec WORKING POC 4 stars
by s0ck3t-s3c · poc
https://github.com/s0ck3t-s3c/CVE-2024-32651-changedetection-RCE

This repository contains a functional Python exploit for CVE-2024-32651, targeting a Server-Side Template Injection (SSTI) vulnerability in changedetection.io <= 0.45.20. The exploit automates the process of obtaining a CSRF token, submitting a crafted form, and delivering a payload that triggers a reverse shell via SSTI.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: changedetection.io <= 0.45.20
No auth needed
Prerequisites: Network access to the target application · Python environment with requests and beautifulsoup4 libraries · Listener setup (e.g., netcat) for reverse shell
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 1 stars
by zcrosman · poc
https://github.com/zcrosman/cve-2024-32651

This repository contains a functional exploit for CVE-2024-32651, demonstrating an RCE vulnerability in changedetection.io <= 0.45.20 via Server-Side Template Injection (SSTI). The exploit uses a crafted notification template to execute arbitrary commands, establishing a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: changedetection.io <= 0.45.20
Auth required
Prerequisites: Access to the target application · Valid session or CSRF token
devstral-2 · analyzed Feb 18, 2026 Full analysis →
gitlab WORKING POC
by Eggzy · poc
https://gitlab.com/Eggzy/CVE-2024-32651-changedetection-RCE

This repository contains a functional Python exploit for CVE-2024-32651, targeting a Server-Side Template Injection (SSTI) vulnerability in changedetection.io <= 0.45.20. The exploit chains authentication bypass (if needed), CSRF token extraction, and SSTI payload delivery to achieve remote code execution via a reverse shell.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: changedetection.io <= 0.45.20
Auth required
Prerequisites: target URL · listener IP/port · optional password for authenticated instances
devstral-2 · analyzed Feb 23, 2026 Full analysis →
github WRITEUP
by Pallangyo98 · poc
https://github.com/Pallangyo98/Trickster-HTB

This is a technical writeup detailing the exploitation chain for the Trickster HTB machine, including CVE-2024-32651 (SSTI in ChangeDetection.io) and other vulnerabilities. It provides a step-by-step breakdown of the attack path but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: ChangeDetection.io (CVE-2024-32651), PrestaShop (CVE-2024-34716), PrusaSlicer (CVE-2023-47268)
Auth required
Prerequisites: Access to PrestaShop with customer-thread feature enabled · Database credentials extraction · SSH access to user accounts
devstral-2 · analyzed May 01, 2026 Full analysis →
github WRITEUP
by TU-M · poc
https://github.com/TU-M/Trickster-HTB

This repository provides a detailed technical walkthrough of exploiting multiple vulnerabilities (CVE-2024-34716, CVE-2024-32651, CVE-2023-47268) on the Trickster HTB machine, including XSS, SSTI, and privilege escalation techniques. It describes the attack chain but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Complex
Reliability
Theoretical
Target: PrestaShop, ChangeDetection.io, PrusaSlicer
Auth required
Prerequisites: Access to PrestaShop with customer-thread feature enabled · Database credentials extraction · Docker container access
devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

Change Detection - Server Side Template Injection
CRITICALVERIFIEDby edoardottt
Shodan: html:"Change Detection"

References (4)

Core 4

Scores

CVSS v3 10.0
EPSS 0.9209
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-1336
Status published
Products (2)
dgtlmoon/changedetection.io <= 0.45.20
pypi/changedetection.io 0 - 0.45.21PyPI
Published Apr 26, 2024
Tracked Since Feb 18, 2026