CVE-2024-45519 PoC — Zimbra Collaboration Server 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2024/CVE-2024-45519.yaml

Associated Vulnerability

Title:Zimbra Collaboration Server 安全漏洞 (CVE-2024-45519)
Description:Zimbra Collaboration Server（ZCS）是Zimbra公司的一套电子邮件和协作解决方案。该方案提供电子邮件、联系人、日历、文件共享、社交网络等功能。 Zimbra Collaboration Server存在安全漏洞，该漏洞源于日志服务有时允许未经身份验证的用户执行命令。以下版本受到影响：8.8.15补丁46之前版本、9.0.0补丁41之前版本、10.0.9之前版本和10.1.1之前版本。

Description

SMTP-based vulnerability in the PostJournal service of Zimbra Collaboration Suite that allows unauthenticated attackers to inject arbitrary commands. This vulnerability arises due to improper sanitization of SMTP input, enabling attackers to craft malicious SMTP messages that execute commands under the Zimbra user context. Successful exploitation can lead to unauthorized access, privilege escalation, and potential compromise of the affected system's integrity and confidentiality.

File Snapshot


 id: CVE-2024-45519

info:
  name: Zimbra Collaboration Suite < 9.0.0 - Remote Code Execution
  autho

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!