Share
## https://sploitus.com/exploit?id=A6578C92-B7CA-5BF7-B0C8-C247B8B9FB1E
# CVE-2024-4879-ServiceNow
**ServiceNow** is a platform for business transformation which helps companies manage digital workflows for enterprise operations.

**CVE-2024-4879** could allow an unauthenticated user to remotely execute code within the Now Platform. This vulnerability exploits three issues by chaining them together: Title Injection, Template Injection Mitigation Bypass, and Filesystem Filter Bypass, to access ServiceNow data.

The affected versions include Vancouver, Washington DC Now and Utah platform releases

**Usage:** python3 exploit.py -i < target_IP >

**Usage example:** python3 exploit.py -i 127.0.0.1

**Disclaimer: This exploit is to be used only for educational and authorized testing purposes. Illegal/unauthorized use of this exploit is prohibited. I am not responsible for any misuse or damage caused by this script.**

**References:** https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data