CVE-2024-52302

Currently unrated 🤨

Key Information

Vendor: CVE Published:; 14 November 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

common-user-management is a robust Spring Boot application featuring user management services designed to control user access dynamically. There is a critical security vulnerability in the application endpoint /api/v1/customer/profile-picture. This endpoint allows file uploads without proper validation or restrictions, enabling attackers to upload malicious files that can lead to Remote Code Execution (RCE).

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-52302
Created by d3sca

Timeline

👾
Exploit exists.
Nov 15, 2024
Vulnerability published.
Nov 14, 2024

Collectors

NVD Database1 Proof of Concept(s)