Qualitor vulnerable to Remote Code Execution via Arbitrary File Upload in checkAcesso.php
CVE-2024-44849

Currently unrated

Key Information:

Vendor
Qualitor
Vendor
CVE Published:
9 September 2024

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

Qualitor software versions up to 8.24 are vulnerable to a significant security threat that enables Remote Code Execution (RCE) through an Arbitrary File Upload flaw present in the checkAcesso.php file. This vulnerability can be exploited by attackers to upload malicious files, which can result in unauthorized access and control over the affected system. It is crucial for organizations using Qualitor to evaluate their current systems and implement necessary security patches and mitigation strategies to safeguard sensitive data and maintain operational integrity.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-44849
Created by extencil

References

https://github.com/extencil/CVE-2024-44849?tab=readme-ov-...
https://blog.extencil.me/information-security/cves/cve-20...

Timeline

  • Vulnerability published

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability Reserved

.