Skip to content

CVE-2024-55963

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History

CVE-2024-55963

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
appsmith-rce.gif
appsmith-rce.gif
 
 
appsmith-rce.yaml
appsmith-rce.yaml
 
 
poc.py
poc.py
 
 

README.md

CVE-2024-55963: Unauthenticated Remote Code Execution as postgres user

Information

Description: A Remote Code Execution (RCE) vulnerability in Appsmith. Versions Affected: v1.20-v1.51 Version Fixed: v1.52 Researcher: Whit Taylor (https://x.com/un1tycyb3r)
Disclosure Link: https://rhinosecuritylabs.com/research/cve-2024-55963-unauthenticated-rce-in-appsmith
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2024-55963

Proof-of-Concept Exploit

Description

A RCE vulnerability in Appsmith, application development platform.

Usage/Exploitation

python3 appsmith-rce.py -u <target> -p <port>

Demo

Alt-text for the GIF