What is CVE-2024-23052?

CVE-2024-23052 is a vulnerability in N/a. Published 2024-02-01.

Is CVE-2024-23052 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-23052

An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.

EPSS: 0.785 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0day404/HV-2024-POC
12442RF/POC
AboSteam/POPC
DMW11525708/wiki
Lern0n/Lernon-POC
Linxloop/fork_
WhosGa/MyWiki
Yuan08o/pocs
admin772/POC
adminlove520/pocWiki

References

github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md
github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28

Frequently asked questions

What is CVE-2024-23052?: CVE-2024-23052 is a vulnerability in N/a. Published 2024-02-01.
Is CVE-2024-23052 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.