CVE-2024-21136 PoC — Oracle Retail Applications 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-21136.yaml

Associated Vulnerability

Title:Oracle Retail Applications 安全漏洞 (CVE-2024-21136)
Description:Oracle Retail Applications是美国甲骨文（Oracle）公司的一套零售应用商店解决方案。该产品包括库存管理、销售管理和客户管理等。Retail Xstore Office是其中的一个基于Web的中央管理控制台组件。 Oracle Retail Applications 的 Oracle Retail Xstore Office存在安全漏洞。攻击者利用该漏洞可以访问关键数据。以下版本受到影响：19.0.5版本、20.0.3版本、20.0.4版本、22.0.0版本和23.0.1版本。

Description

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products (scope change).

File Snapshot


 id: CVE-2024-21136

info:
  name: Oracle Retail Xstore Suite - Pre-authenticated Path Traversal
  au

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!