Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-49380 PoC — Plenti 注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-49380.yaml
Associated Vulnerability
Title:Plenti 注入漏洞 (CVE-2024-49380)
Description:Plenti是Plentico开源的一个静态站点生成器。 Plenti 0.7.2之前版本存在注入漏洞,该漏洞源于当用户运行其网站时,/postLocal端点可被利用进行任意文件写入,可能导致远程代码执行。
Description
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.
File Snapshot

 id: CVE-2024-49380

info:
  name: Plenti < v0.7.2 - OS Command Injection
  author: iamnoooob,rootxha

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.