CVE-2024-41628
HIGH | NUCLEI
Severalnines Cluster Control <2.1.0 - Path Traversal
Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-41628. PoCs published by Redshift-CyberSecurity. A Nuclei detection template is also available.
AI-analyzed exploit summary: The repository contains a functional Python script that exploits CVE-2024-41628, a Local File Inclusion (LFI) vulnerability in ClusterControl's CMON API. The exploit targets ports 9500 (HTTP) and 9501 (HTTPS) to retrieve arbitrary system files by leveraging directory traversal sequences.
Description
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API.
Exploits (1)
Nuclei Templates (1)
icon_hash="160707013" || icon_hash="-1815707560"
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N