CVE-2024-44871

CVSS 7.2 HIGHEPSS 16.2%CWE-434

Vexday Risk Score

46Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 7.2EPSS 16.2%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

10 Sep 2024Published on NVD

27 Mar 2025Public PoC

Recommendation: Plan a near-term fix — a public PoC already exists.

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 2

githubgithub.com/vances25/CVE-2024-44871★ 0 exploitdbwww.exploit-db.com/exploits/52096unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/moziloDasEinsteigerCMS/mozilo3.0 https://github.com/sec-fortress/Exploits/tree/main/CVE-2024-44871