CVE-2024-58279 — HIGH (8.8)

Vulnerability Description

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apprain	Apprain	4.0.5

Related Weaknesses (CWE)

CWE-434

References

https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zipProduct
https://www.apprain.orgProduct
https://www.exploit-db.com/exploits/52041ExploitThird Party Advisory
https://www.vulncheck.com/advisories/apprain-cmf-authenticated-remote-code-execuThird Party Advisory
https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zipProduct

FAQ

What is CVE-2024-58279?

CVE-2024-58279 is a vulnerability with a CVSS score of 8.8 (HIGH). appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can le...

How severe is CVE-2024-58279?

CVE-2024-58279 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-58279?

Check the references section above for vendor advisories and patch information. Affected products include: Apprain Apprain.