CVE-2024-51319

Exploit

EPSS 0.07%
Published 11.03.2025 00:00:00
Last modified 28.05.2025 18:18:25
Source cve@mitre.org
Teams watchlist Login
Open Login

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zucchetti ≫ Ad Hoc Infinity Version2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.223

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	1.8	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

https://members.backbox.org/zucchetti-ad-hoc-infinity-multiple-vulnerabilities/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-51319

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51319

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51319

EUVD