by vicarius
log in join community
by @secatgourity
14 Apr 2024
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

Chaos in the AI zoo - Exploiting CVE-2024-29090 - Authenticated SSRF in AI Engine plugin (by Jordy Meow)

by @secatgourity
by @secatgourity
14 Apr 2024
#novel_exploit_analysis

An exploitation of a CVE vulnerability that has no prior exploit

publish

Chaos in the AI zoo - Exploiting CVE-2024-29090 - Authenticated SSRF in AI Engine plugin (by Jordy Meow)

OS

Kali Linux
Kali LinuxKali
2024.1.*
2020.3.*
2019.4.*

Apps

AE
AI EngineMeowapps
1.9.97.*
1.9.98.*
1.9.96.*
2.2.63.*
2.2.56.*
2.2.60.*
1.6.98.*
1.6.95.*
1.6.94.*
1.6.88.*

Screenshots from the blog posts

images/cluy4cnb80cc91imx35xe2vah.jpgimages/cluy4cnb80cc91imx35xe2vah.jpg

Summary

AI Engine by Jordy Meow versions up to 2.1.4 is vulnerable to an authenticated Server-Side Request Forgery (SSRF) vulnerability. This post reveals the novel exploit for this unforeseen vulnerability!

general

Description

Tags

#AI#trendingCVE#exploited#open-source#wordpress#trending#chatgpt#SSRF#chatbot#code-review

@secatgourity

185 posts

Total vcoins

121.1K

Social media links

Comments (0)