CVE-2024-51319

Exploit

EPSS 0.07%
Veröffentlicht 11.03.2025 00:00:00
Zuletzt bearbeitet 28.05.2025 18:18:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimg_upload.jsp.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zucchetti ≫ Ad Hoc Infinity Version2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.223

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	1.8	5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

https://members.backbox.org/zucchetti-ad-hoc-infinity-multiple-vulnerabilities/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-51319

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51319

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51319

EUVD