← back
CVE-2024-27620

CVE-2024-27620

CVSS 7.5 HIGHEPSS 2.7%CWE-918
Vexday Risk Score
41Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 7.5EPSS 2.7%KEV nãoPoC públicaNuclei Metasploit Patch
Lifecycle
10 Mar 2024Public PoC
06 Apr 2024Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/177506/Ladder-0.0.21-Server-Side-Request-Forgery.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51869unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://ladder.comhttps://everywall.github.io/https://packetstormsecurity.com/files/177506/Ladder-0.0.21-Server-Side-Request-Forgery.html