← back
CVE-2024-42640

CVE-2024-42640

CVSS 9.8 CRITICALEPSS 43.7%CWE-434
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found4
githubgithub.com/rvzsec/CVE-2024-4264027githubgithub.com/KTN1990/CVE-2024-426403exploitdbwww.exploit-db.com/exploits/52121unverifiedexploitdbwww.exploit-db.com/exploits/52253unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/adonespitogo/angular-base64-uploadhttps://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html