
CVE-2024-26291 PoC — Security vulnerability in multiple Avid products

Source
Associated Vulnerability
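Title: Security vulnerability in multiple Avid products (CVE-2024-26291)
Description: Avid NEXIS E-series and related products are virtualized storage platforms from the US company Avid. Multiple Avid products contain a security vulnerability that stems from failing to validate the path in the filename parameter, which may lead to arbitrary file read attacks. The following products and versions are affected: Avid NEXIS E-series, Avid NEXIS F-series, Avid NEXIS PRO+ and System Director Appliance (SDA+), versions before 2025.5.1.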
Description
Avid NEXIS E-series, F-series, PRO+, and System Director Appliance (SDA+) before 2025.5.1 contain an unauthenticated arbitrary file read caused by improper validation of the filename parameter, which lets unauthenticated attackers read sensitive files. Exploitation requires no authentication.
File Snapshot

id: CVE-2024-26291 info: name: Avid NEXIS Agent - Arbitrary File Read author: DhiyaneshDK sev ...