Chaos in the AI zoo - Exploiting CVE-2024-29090 - Authenticated SSRF in AI Engine plugin (by Jordy Meow)

Chaos in the AI zoo - Exploiting CVE-2024-29090 - Authenticated SSRF in AI Engine plugin (by Jordy Meow)

OS

2024.1.*
2020.3.*
2019.4.*

Apps

AE
AI EngineMeowapps
1.9.97.*
1.9.98.*
1.9.96.*
2.2.63.*
2.2.56.*
2.2.60.*
1.6.98.*
1.6.95.*
1.6.94.*
1.6.88.*

Screenshots from the blog posts

images/cluy4cnb80cc91imx35xe2vah.jpgimages/cluy4cnb80cc91imx35xe2vah.jpg

Summary

AI Engine by Jordy Meow versions up to 2.1.4 is vulnerable to an authenticated Server-Side Request Forgery (SSRF) vulnerability. This post reveals the novel exploit for this unforeseen vulnerability!

general

Description

@secatgourity

190 posts

Total vcoins

123.8K

Social media links

Comments (0)