CVE-2024-45241

HIGH NUCLEI

CentralSquare CryWolf - Path Traversal

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-45241. PoCs published by verylazytech, d4lyw. A Nuclei detection template is also available.

Description

A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.

Exploits (2)

nomisec WRITEUP 6 stars
by verylazytech · poc
https://github.com/verylazytech/CVE-2024-45241

This repository provides a detailed technical writeup on CVE-2024-45241, a path traversal vulnerability in CentralSquare CryWolf's GeneralDocs.aspx component. It includes exploitation steps, affected parameters, and screenshots demonstrating the vulnerability.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: CentralSquare CryWolf (False Alarm Management)
No auth needed
Prerequisites: Access to the target URL · Burp Suite for interception
devstral-2 · analyzed Feb 19, 2026

nomisec WRITEUP
by d4lyw · poc
https://github.com/d4lyw/CVE-2024-45241

The repository provides a detailed technical description of a path traversal vulnerability in CentralSquare's CryWolf application, including reproduction steps and references. It explains how unauthenticated attackers can read sensitive files by manipulating the 'rpt' parameter in 'GeneralDocs.aspx' and accessing the contents via 'gdoc1.ashx'.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: CentralSquare CryWolf (False Alarm Management)
No auth needed
Prerequisites: Access to the target application · Intercepting proxy for analysis
devstral-2 · analyzed Feb 19, 2026

Nuclei Templates (1)

CentralSquare CryWolf - Path Traversal
HIGH · VERIFIED · by s4e-io
FOFA: False Alarm Reduction Website

Scores

CVSS v3: 7.5
EPSS: 0.1362
EPSS Percentile: 96.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-22
Status: published
Published: Aug 26, 2024
Tracked Since: Feb 18, 2026