Qualitor vulnerable to Remote Code Execution via Arbitrary File Upload in checkAcesso.php
CVE-2024-44849

9.8CRITICAL

Key Information:

Vendor

Qualitor

Status
Vendor
CVE Published:
9 September 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 89%

What is CVE-2024-44849?

Qualitor software versions up to 8.24 are vulnerable to a significant security threat that enables Remote Code Execution (RCE) through an Arbitrary File Upload flaw present in the checkAcesso.php file. This vulnerability can be exploited by attackers to upload malicious files, which can result in unauthorized access and control over the affected system. It is crucial for organizations using Qualitor to evaluate their current systems and implement necessary security patches and mitigation strategies to safeguard sensitive data and maintain operational integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

89% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability Reserved

.