CVE-2024-55956 PoC — Security Vulnerability in Multiple Cleo Products

Source
Associated Vulnerability
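Title: Security Vulnerability in Multiple Cleo Products (CVE-2024-55956)
Description: Cleo LexiCom and the others are products of Cleo. Cleo LexiCom is an integration platform. Cleo Harmony is a file integration solution. Cleo VLTrader is secure managed file transfer software. Multiple Cleo products contain a security vulnerability that arises because an unauthenticated user can leverage the default settings of the Autorun directory to import and execute arbitrary Bash or PowerShell commands on the host system. The following products and versions are affected: Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24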
Description
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.
File Snapshot

id: CVE-2024-55956 info: name: Cleo Harmony < 5.8.0.24 - File Upload Vulnerability author: iamn ...