CVE-2024-25153

Published: 13/03/2024 Updated: 13/03/2024

Vulnerability Summary

A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to the web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.

Vendor Advisories

Check Point Reference: CPAI-2024-0131 Date Published: 21 Mar 2024 Severity: High ...

Github Repositories

Proof-of-concept exploit for CVE-2024-25153.

CVE-2024-25153: This is a proof of concept for CVE-2024-25153, a Remote Code Execution vulnerability in Fortra FileCatalyst Workflow 5.x, before 5.1.6 Build 114. Full technical details can be found at labs.nettitude.com/blog/cve-2024-25153-remote-code-execution-in-fortra-filecatalyst Usage: Run the exploit using the following command: CVE-2024-25153.py --host <host

Proof-of-concept exploit for CVE-2024-25153.

Exploit for CVE-2024-25153. Introduction: Welcome to the Exploit for CVE-2024-25153! This project is a solution for exploiting the CVE-2024-25153 vulnerability and executing code remotely in Fortra FileCatalyst Workflow Installatio