Qualitor vulnerable to Remote Code Execution via Arbitrary File Upload in checkAcesso.php
CVE-2024-44849

Currently unrated

Key Information:

Vendor: Qualitor
Vendor: CVE Published:; 9 September 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 86%

What is CVE-2024-44849?

Qualitor software versions up to 8.24 are vulnerable to a significant security threat that enables Remote Code Execution (RCE) through an Arbitrary File Upload flaw present in the checkAcesso.php file. This vulnerability can be exploited by attackers to upload malicious files, which can result in unauthorized access and control over the affected system. It is crucial for organizations using Qualitor to evaluate their current systems and implement necessary security patches and mitigation strategies to safeguard sensitive data and maintain operational integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-44849
Created by extencil

References

https://github.com/extencil/CVE-2024-44849?tab=readme-ov-...

https://blog.extencil.me/information-security/cves/cve-20...

EPSS Score

86% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2024
🟡
Public PoC available
Sep 7, 2024
👾
Exploit known to exist
Sep 7, 2024
Vulnerability Reserved
Aug 21, 2024