- Description
- changedetection.io is an open source web page change detection, website watcher, restock monitor and notification service. A Server-Side Template Injection (SSTI) in its Jinja2 templating allows remote command execution on the server host: an attacker can run arbitrary system commands without restriction, including spawning a reverse shell. The impact is critical because the attacker can completely take over the server. Exposure is reduced when changedetection.io sits behind a login page, but the application neither requires nor enforces one (authentication is not enabled by default).
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- security-advisories@github.com
- CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine)
- Hype score
- Not currently trending
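The description names the bug class (Jinja2 SSTI) but not the pattern behind it or the mitigation a maintainer would reach for. The following is an added example, not changedetection.io's code or its fix: it renders user-controlled template text once with a plain Jinja2 `Environment` (the vulnerable pattern) and once with `ImmutableSandboxedEnvironment` (the hardened one). The helper names, the placeholder context and the payload are constructed for this illustration; the payload stops at `os.getcwd()`, which is the point where a real attacker would call `popen('<command>')` instead.

```python
"""Jinja2 SSTI: unsandboxed vs sandboxed rendering of user-supplied template
text. Added illustration only; the helper names, payload and sample context
are constructed here and are not changedetection.io's code or its fix."""
import os

from jinja2 import Environment, StrictUndefined
from jinja2.sandbox import ImmutableSandboxedEnvironment, SecurityError

# Legitimate use of a user-editable notification template: placeholders only.
LEGIT_TEMPLATE = "Change detected on {{ watch_url }} ({{ diff_lines }} lines)"

# Constructed SSTI payload. `self` is the TemplateReference that Jinja2
# exposes to every template; walking self.__init__.__globals__ reaches the
# module globals of jinja2.runtime, whose __builtins__ entry provides
# __import__. An attacker would finish with popen('<command>').read(); this
# demo calls getcwd() so the escape is observable without running a shell.
SSTI_PAYLOAD = (
    "{{ self.__init__.__globals__.__builtins__"
    ".__import__('os').getcwd() }}"
)

# Constructed render context, standing in for the data a watcher would supply.
CONTEXT = {"watch_url": "https://example.invalid/", "diff_lines": 3}


def render_unsandboxed(template_text: str, context: dict) -> str:
    """Vulnerable pattern: untrusted text compiled with a plain Environment.
    Every attribute reachable from a template object is readable and callable,
    so template text from a user is Python code execution on the host."""
    env = Environment(undefined=StrictUndefined)
    return env.from_string(template_text).render(**context)


def render_sandboxed(template_text: str, context: dict) -> str:
    """Hardened pattern: ImmutableSandboxedEnvironment refuses access to any
    attribute whose name starts with '_' and blocks mutating calls on
    containers, so the class-walking payload raises SecurityError while
    ordinary placeholders keep working."""
    env = ImmutableSandboxedEnvironment(undefined=StrictUndefined)
    return env.from_string(template_text).render(**context)


def demo() -> dict:
    """Render the legitimate template and the payload with both renderers
    and report what each did."""
    results = {
        "legit_unsandboxed": render_unsandboxed(LEGIT_TEMPLATE, CONTEXT),
        "legit_sandboxed": render_sandboxed(LEGIT_TEMPLATE, CONTEXT),
        # The vulnerable renderer lets the payload reach os and return a
        # value the template author was never handed: the server's cwd.
        "payload_unsandboxed": render_unsandboxed(SSTI_PAYLOAD, CONTEXT),
    }
    try:
        render_sandboxed(SSTI_PAYLOAD, CONTEXT)
        results["payload_sandboxed"] = "RENDERED (sandbox bypassed)"
    except SecurityError as exc:
        results["payload_sandboxed"] = f"blocked: {exc}"
    return results


def payload_reached_os() -> bool:
    """True when the unsandboxed render leaked the process's working
    directory, i.e. the template reached the os module."""
    return demo()["payload_unsandboxed"] == os.getcwd()


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The sandbox is a containment layer, not a substitute for the access control the description points at: anyone who can edit a notification template still controls what the server renders, so template editing should sit behind authentication and the sandboxed environment should be the only one that ever sees that text.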
Trickster is a medium machine from @hackthebox_eu: CVE-2024-34716 (PrestaShop XSS to RCE) => extracting database creds => exploit internally ChangeDetection instance (CVE-2024-32651) => extract instance backups => exploit a PrusaSlicer Arbitrary Code Execution => root https://
@_kujen5
1 Feb 2025
Published a write up for HTB: Trickster, a box with many steps featuring CVE-2024-34716 and CVE-2024-32651. I also updated the blog theme for better navigation. https://t.co/cTOvXDYGEo
@_KScorpio
1 Feb 2025
Trickster HackTheBox Writeup https://t.co/7YioKtuYBE #writeup #hackthebox #retired #Prestashop #git #CVE-2024-34716 #xss #PrusaSlicer #CVE-2023-47268 #rce #changedetection #rce #CVE-2024-32651 #brotli #SUDO https://t.co/irOjgxY6wK
@David_Uton
1 Feb 2025
[CVE-2024-32651] Changedetection < 0.45.20 - Remote Code Execution (RCE) https://t.co/h0NJRYjw3U https://t.co/mT7mARc7Ir
@jaacostan
7 Jan 2025