Unauthenticated Remote Code Execution in Sourcecodester Poultry Farm Management System
CVE-2024-40110

Currently unrated

Key Information:

Vendor
Sourcecodester
Status
Poultry Farm Management System
Vendor
CVE Published:
12 July 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 18%

Summary

The Poultry Farm Management System version 1.0 by Sourcecodester is susceptible to an unauthenticated Remote Code Execution (RCE) vulnerability. This flaw can be exploited through the 'productimage' parameter in the /farm/product.php endpoint, allowing attackers to execute arbitrary code on the server without authentication. As a result, unauthorized users might gain control over sensitive functionality and data within the system, posing significant security risks.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-40110
Created by thiagosmith

References

https://github.com/w3bn00b3r/Unauthenticated-Remote-Code-...

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-40110 : Unauthenticated Remote Code Execution in Sourcecodester Poultry Farm Management System | SecurityVulnerability.io