Exploit for Command Injection in Materialsvirtuallab Pymatgen CVE-2024-23346

Name: Exploit for Command Injection in Materialsvirtuallab Pymatgen CVE-2024-23346
Rating: 5 (246 reviews)

2025-07-24 | CVSS 9.3

## https://sploitus.com/exploit?id=319E9B68-183C-531D-828E-B385CC7B3305
# CVE-2024-23346-exploit
This is a exploit for the known Remote Code Execution (RCE) vulnerability in the `pymatgen` (CVE-2024-23346) Python library by uploading a malicious `CIF` file to the hosted `CIF Analyzer` website on the Chemistry machine from Hack the Box. 

NVD CVE LINK : https://nvd.nist.gov/vuln/detail/CVE-2024-23346

Usage: CVE-2024-23346-exploit.py -t targetIP -P targetPORT -u loggedusername -p loggedpassword -l tun0ip/lhost

Example:

python3 CVE-2024-23346-exploit.py -t 10.10.11.38 -P 5000 -u ramon -p ramon -l 10.10.15.000