Unauthenticated Remote Code Execution in Sourcecodester Poultry Farm Management System
CVE-2024-40110
Currently unrated
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 12 July 2024
Badges
👾 Exploit Exists🟡 Public PoC🟣 EPSS 19%
What is CVE-2024-40110?
The Poultry Farm Management System version 1.0 by Sourcecodester is susceptible to an unauthenticated Remote Code Execution (RCE) vulnerability. This flaw can be exploited through the 'productimage' parameter in the /farm/product.php endpoint, allowing attackers to execute arbitrary code on the server without authentication. As a result, unauthorized users might gain control over sensitive functionality and data within the system, posing significant security risks.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.