CVE-2024-34833

CVSS 9.8 CRITICALEPSS 1.9%CWE-434

Vexday Risk Score

48Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 9.8EPSS 1.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

02 may 2024PoC pública

17 jun 2024Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

n/a · n/a

PoCs públicas encontradas — 2

githubgithub.com/ShellUnease/CVE-2024-34833-payroll-management-system-rce★ 0 cve_referencepacketstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.htmlno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/ShellUnease/payroll-management-system-rce https://packetstormsecurity.com/files/179106/Payroll-Management-System-1.0-Remote-Code-Execution.html