CVE-2024-46507

HIGH EXPLOITED

Yeti Platform < 2.1.12 - Server-Side Template Injection

Title source: manual
STIX 2.1

Exploitation Summary

CVE-2024-46507 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit.

AI-analyzed exploit summary: This repository provides a detailed technical walkthrough for exploiting CVE-2024-46507 (command injection) and CVE-2024-46508 (authentication bypass). It includes reconnaissance steps, exploitation techniques, and privilege escalation methods, demonstrating a clear understanding of the vulnerabilities.

Description

An SSTI (server-side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server.

Exploits (1)

vulncheck_xdb WRITEUP
remote
https://github.com/Somchandra17/CVE-2024-46507

Classification
Writeup 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Vulnerable web application (Apache/2.4.41, SimpleHTTPServer 0.6)
No auth needed
Prerequisites: Network access to target · Basic Linux command-line knowledge
devstral-2 · analyzed May 08, 2026

Scores

CVSS v3 7.3
EPSS 0.0028
EPSS Percentile 51.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2025-06-07
CWE CWE-94
Status published
Products (1)
yeti-platform/yeti 2.0 - 2.1.12
Published May 08, 2026
Tracked Since May 08, 2026