CVE-2024-34313

CRITICAL

VPL Jail System <4.0.2 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34313. PoCs published by vincentscode.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2024-34313, a path traversal vulnerability in VPL Jail System <4.0.3. The exploit allows arbitrary file writes, leading to privilege escalation by overwriting system files like /etc/ld.so.preload. The provided Python script scans for vulnerable versions and retrieves an admin ticket for exploitation.

Description

An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a crafted request to a public endpoint.

Exploits (1)

nomisec WORKING POC 2 stars

by vincentscode · poc

https://github.com/vincentscode/CVE-2024-34313

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-34313, a path traversal vulnerability in VPL Jail System <4.0.3. The exploit allows arbitrary file writes, leading to privilege escalation by overwriting system files like /etc/ld.so.preload. The provided Python script scans for vulnerable versions and retrieves an admin ticket for exploitation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: VPL Jail System <4.0.3

No auth needed

Prerequisites: Network access to the VPL Jail System server · VPL Jail System version <4.0.3

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Various Sources

https://github.com/vincentscode/CVE-2024-34313

Scores

CVSS v3 9.8

EPSS 0.0150

EPSS Percentile 70.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-22

Status published

Published Jun 24, 2024

Tracked Since Feb 18, 2026