PoC Week 2024-03-31

Posted on Mar 31, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.


  • Severity: 9.8 CRITICAL
  • Impacted Products: Fortra FileCatalyst Workflow 5.x, before version 5.1.6 Build 114
  • Description: The vulnerability, found in the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal, enables directory traversal. This allows for unauthorized file uploads outside the intended ‘uploadtemp’ directory, potentially leading to Remote Code Execution (RCE) on the server.
  • Remediation: Users should update to Fortra FileCatalyst Workflow version 5.1.6 Build 114 or later to mitigate this vulnerability.
  • More Info: NVD - CVE-2024-25153
  • PoC: https://github.com/nettitude/CVE-2024-25153




  • Severity: 8.8 HIGH
  • Impacted Products: Xbox Gaming Services.
  • Description: This vulnerability relates to an elevation of privilege within Xbox Gaming Services, allowing for potentially significant security compromises.
  • Remediation: For details on remediation, users should consult the Microsoft Security Response Center or relevant update guides.
  • More Info: NVD - CVE-2024-28916
  • PoC: https://github.com/Wh04m1001/GamingServiceEoP


  • Severity: 9.8 CRITICAL
  • Impacted Products: Fortinet FortiOS, FortiProxy various versions
  • Description: Out-of-bounds write vulnerability enabling unauthorized code or command execution via crafted requests.
  • Remediation: Follow Fortinet’s vendor instructions for mitigation or product discontinuation if not available.
  • More Info: NVD - CVE-2024-21762
  • PoC: https://github.com/d0rb/CVE-2024-21762


  • Severity: 9.3 CRITICAL
  • Impacted Products: FortiClientEMS
  • Description: Critical SQL Injection vulnerability allowing unauthenticated remote code execution.
  • Remediation: Fortinet has issued patches for affected versions.
  • More Info: Tenable®
  • PoC: https://github.com/horizon3ai/CVE-2023-48788


This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.