Rejetto HTTP File Server template injection

Added: 07/10/2024

Background

Rejetto HTTP File Server is a web-based file system application.

Problem

A template injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted GET request.

Resolution

Upgrade to a version higher than HTTP File Server (HFS) 2.3m when available.

References

https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/

Platforms

Windows

Back to exploit index