Lucene search
+L

CVE-2024-31777

🗓️ 13 Jun 2024 00:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 84 Views🌐 WEB

File Upload vulnerability in openeclass v.3.1

Related
Detection
Refs
Paths
NVD
Vulnrichment
Node
ParameterPositionPathDescriptionCWE
filenamerequest bodymodules/admin/certbadge.php?action=add_certUnrestricted file upload leading to remote code execution via crafted PHP payload.CWE-434
certhtmlfilerequest bodymodules/admin/certbadge.php?action=add_certUnrestricted file upload leading to remote code execution via crafted PHP payload.CWE-434
orientationrequest bodymodules/admin/certbadge.php?action=add_certUnrestricted file upload leading to remote code execution via crafted PHP payload.CWE-434
descriptionrequest bodymodules/admin/certbadge.php?action=add_certUnrestricted file upload leading to remote code execution via crafted PHP payload.CWE-434
cert_idrequest bodymodules/admin/certbadge.php?action=add_certUnrestricted file upload leading to remote code execution via crafted PHP payload.CWE-434
submit_cert_templaterequest bodymodules/admin/certbadge.php?action=add_certUnrestricted file upload leading to remote code execution via crafted PHP payload.CWE-434
cmdquery paramcourses/user_progress_data/cert_templates/evil.php?cmd={cmd}Remote command execution via crafted GET parameter used after uploading a malicious file.CWE-434
cmdquery paramcourses/user_progress_data/cert_templates/evil.php?cmd=rm%20evil.zipCleanup/remote command execution attempt via cmd parameter during server cleanup.CWE-434
cmdquery paramcourses/user_progress_data/cert_templates/evil.php?cmd=rm%20evil.phpCleanup/remote command execution attempt via cmd parameter during server cleanup.CWE-434
login_pagequery param?login_page=1Login-related endpoint used to initiate PoC authentication flow.CWE-434
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 07:28Current
7.7High risk
Vulners AI Score7.7
CVSS 3.19.8
EPSS0.03821
SSVC
84