Exploit for Improper Access Control in Bandisoft Bandiview CVE-2024-45870 CVE-2024-45872 CVE-2024-45871

## https://sploitus.com/exploit?id=48F861A3-DBEE-53C0-9B2E-ED13AF96BF89
# bandiview-7.05-vuln-PoC
This repository contains a PoC for vulnerabilities uncovered in Bandiview 7.05 using fuzzing

- [CVE-2024-45870](https://nvd.nist.gov/vuln/detail/CVE-2024-45870) ( JXR File Parsing DoS Vulnerability )
 - [CVE-2024-45871](https://nvd.nist.gov/vuln/detail/CVE-2024-45871) ( PSD File Parsing DoS Vulnerability )
 - [CVE-2024-45872](https://nvd.nist.gov/vuln/detail/CVE-2024-45872) ( PSD File Parsing Stack Buffer Overflow )


### Details
- Software: [BandiView](https://kr.bandisoft.com/bandiview/)
- Version: v7.05 (2024/7/15, BuildNo=26122)

### Credit
- JaeHo Cho (@Jaecho6053)
- SongHyun Bae (@bshyuunn)
- JunSeo Bae (@V0xe1)
- LeeDong Ha (@GAP-dev)

<br>

<table>
  <tr>
    <th>Bandiview Changes Log</th>
  </tr>
  <tr>
    <td>
      <a href="https://kr.bandisoft.com/bandiview/history/">
        <img width="602" alt="image" src="https://github.com/user-attachments/assets/f09aee30-c6fc-43bf-b07c-fce59ca96cf6" />
      </a>
    </td>
  </tr>
</table>