mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
2.7 KiB
2.7 KiB
CVE-2024-9264
&color=brighgreen)
Description
The SQL Expressions experimental feature of Grafana allows for the evaluation of duckdb queries containing user input. These queries are insufficiently sanitized before being passed to duckdb, leading to a command injection and local file inclusion vulnerability. Any user with the VIEWER or higher permission is capable of executing this attack. The duckdb binary must be present in Grafana's $PATH for this attack to function; by default, this binary is not installed in Grafana distributions.
POC
Reference
No PoCs from references.
Github
- https://github.com/12442RF/POC
- https://github.com/14mb1v45h/cyberspace061
- https://github.com/Bhanunamikaze/VaktScan
- https://github.com/Cythonic1/CVE-2024-9264
- https://github.com/DMW11525708/wiki
- https://github.com/Exerrdev/CVE-2024-9264-Fixed
- https://github.com/GitHubForSnap/grafana-gael
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/Lern0n/Lernon-POC
- https://github.com/Linxloop/fork_POC
- https://github.com/Royall-Researchers/CVE-2024-9264
- https://github.com/SrMeirins/HackingVault
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Vishnu-S07/HTB-Planning-Writeup
- https://github.com/XiaomingX/awesome-poc-for-red-team
- https://github.com/a1batr0ssG/VulhubExpand
- https://github.com/adysec/POC
- https://github.com/amalpvatayam67/day05-grafana-sqlexpr-lab
- https://github.com/byt3loss/Nuclei-Blues
- https://github.com/defHawk-tech/CVEs
- https://github.com/eeeeeeeeee-code/POC
- https://github.com/fcoomans/HTB-machines
- https://github.com/greenberglinken/2023hvv_1
- https://github.com/hacieda/planning.htb
- https://github.com/hsvhora/research_blogs
- https://github.com/iemotion/POC
- https://github.com/laoa1573/wy876
- https://github.com/lgturatti/techdrops
- https://github.com/nollium/CVE-2024-9264
- https://github.com/oLy0/Vulnerability
- https://github.com/patrickpichler/grafana-CVE-2024-9264
- https://github.com/plbplbp/loudong001
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/punitdarji/Grafana-CVE-2024-9264
- https://github.com/ruizii/CVE-2024-9264
- https://github.com/rvizx/CVE-2024-9264
- https://github.com/solanav/grimoire
- https://github.com/trganda/starrlist
- https://github.com/z3k0sec/CVE-2024-9264-RCE-Exploit
- https://github.com/z3k0sec/File-Read-CVE-2024-9264
- https://github.com/zulloper/cve-poc