CVE-2024-6127
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated at
CVSS
9.8
Crítico
EPSS
10.3%
p95
KEV
—
Exploit Today
29
0-100
Publicado: 27 jun 2024 · Última mod.: 14 jul 2026 · CWE-22 · CWE-434
10.3%EPSS · 30 días10.3%
2026-06-302026-07-16
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.
- aceresponder.comhttps://aceresponder.com/blog/exploiting-empire-c2-framework
- github.comhttps://github.com/ACE-Responder/Empire-C2-RCE-PoC
- github.comhttps://github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.md?plain=1#L102
- vulncheck.comhttps://vulncheck.com/advisories/empire-unauth-rce
- aceresponder.comhttps://aceresponder.com/blog/exploiting-empire-c2-framework
- github.comhttps://github.com/ACE-Responder/Empire-C2-RCE-PoC
- github.comhttps://github.com/BC-SECURITY/Empire/blob/8283bbc77250232eb493bf1f9104fdd0d468962a/CHANGELOG.md?plain=1#L102
- vulncheck.comhttps://vulncheck.com/advisories/empire-unauth-rce
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2023-389507.5 ALT99.7%
KEV—80ZKTeco BioTime Path Traversal Vulnerability7dCVE-2026-4828210.0 CRÍ97.9%
KEV—79Adobe ColdFusion Path Traversal Vulnerability8dCVE-2026-562909.8 CRÍ85.4%
KEV—76Joomlack Page Builder Improper Access Control Vulnerability8dCVE-2026-489089.8 CRÍ72.6%
KEV—72JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability8dCVE-2026-489399.8 CRÍ71.5%
KEV—71iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability6dCVE-2026-562919.8 CRÍ53.6%
KEV—66Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability6d