File Upload Vulnerability in Spring Boot Application by Osama Taher
CVE-2024-52302

Currently unrated

Key Information:

Vendor: Osama Taher
Status: common-user-management
Vendor: CVE Published:; 14 November 2024

🔔 Create Osama Taher Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-52302?

The common-user-management application, built using Spring Boot, features a vulnerable endpoint (/api/v1/customer/profile-picture) that permits unrestricted file uploads. This lack of proper validation exposes the application to potential Remote Code Execution (RCE) threats, as malicious users can upload harmful files directly to the server. This vulnerability requires immediate attention to implement file validation measures and secure the application from exploit attempts.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-52302
Created by d3sca

References

https://github.com/OsamaTaher/Java-springboot-codebase/se...

https://github.com/OsamaTaher/Java-springboot-codebase/co...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 15, 2024
👾
Exploit known to exist
Nov 15, 2024
Vulnerability published
Nov 14, 2024