PoC Week 2024-06-23

Posted on Jun 23, 2024

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-4577

  • Severity: Awaiting Reanalysis
  • Impacted Products: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages.
  • Description: Windows may use “Best-Fit” behavior to replace characters in a command line passed to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-4577
  • PoC: https://github.com/watchtowrlabs/CVE-2024-4577/

CVE-2024-4898

  • Severity: Awaiting Analysis
  • Impacted Products: The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress in all versions up to, and including, 0.1.0.38
  • Description: Attackers can connect the site to the InstaWP API, edit arbitrary site options and create administrator accounts.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-4898
  • PoC: https://github.com/truonghuuphuc/CVE-2024-4898-Poc/

CVE-2024-29855

CVE-2024-27173

  • Severity: Awaiting Analysis
  • Impacted Products: Toshiba e-Studio (not entirely clear from the currently available info)
  • Description: The Remote Command program allows an attacker to achieve remote code execution by overwriting existing Python files containing executable code.
  • Remediation: Follow developer guidance.
  • More Info: CVE-2024-27173
  • PoC: https://github.com/Ieakd/0day-POC-for-CVE-2024-27173/

References

This list was scraped from the quite amazing and highly recommended newsletters below:

Thanks for reading! For corrections or omissions (e.g. newsletter recommendations), feel free to get in touch.