Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-46507 PoC — Yeti Platform 代码注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-46507.yaml
Associated Vulnerability
Title:Yeti Platform 代码注入漏洞 (CVE-2024-46507)
Description:A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server.
Description
The Yeti Platform < 2.1.12 contains a Server-Side Template Injection (SSTI) vulnerability that can lead to Remote Code Execution (RCE) when exploited by an authenticated user. Attackers with valid credentials can inject malicious template expressions, which the server evaluates, allowing arbitrary command execution.
File Snapshot

 id: CVE-2024-46507

info:
  name: Yeti Platform < 2.1.12 - Server-Side Template Injection to RCE
  a

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →