CVE-2024-5230

MEDIUM NUCLEI

EnvaySoft FleetCart <4.1.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-5230. PoCs published by halilkirazkaya. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains functional exploit code for multiple CVEs, including remote file inclusion, path traversal, and unauthorized file deletion vulnerabilities. The PoCs are well-structured and include specific HTTP requests to demonstrate the vulnerabilities.

Description

A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability.

Exploits (1)

github WORKING POC 4 stars
by halilkirazkaya · poc
https://github.com/halilkirazkaya/cve-poc-garage/tree/main/2024/CVE-2024-5230.md

This repository contains functional exploit code for multiple CVEs, including remote file inclusion, path traversal, and unauthorized file deletion vulnerabilities. The PoCs are well-structured and include specific HTTP requests to demonstrate the vulnerabilities.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Various (WordPress plugins, QNAP Photo Station, IBM Data Risk Manager, etc.)
No auth needed
Prerequisites: Network access to the target system
devstral-2 · analyzed Feb 27, 2026 Full analysis →

Nuclei Templates (1)

FleetCart 4.1.1 - Information Disclosure
MEDIUMVERIFIEDby s4e-io
Shodan: html:"FleetCart"

References (3)

Core 3
Core References
Permissions Required, VDB Entry vdb-entry technical-description
https://vuldb.com/?id.265981
Permissions Required, VDB Entry signature permissions-required
https://vuldb.com/?ctiid.265981
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/?submit.333519

Scores

CVSS v3 5.3
EPSS 0.1877
EPSS Percentile 96.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-200
Status published
Products (2)
EnvaySoft/FleetCart 4.1.0
EnvaySoft/FleetCart 4.1.1
Published May 23, 2024
Tracked Since Feb 18, 2026