Lucene search
K

CVE-2024-44871

🗓️ 10 Sep 2024 00:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 226 Views🌐 WEB

Arbitrary file upload vulnerability in moziloCMS v3.

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Unrestricted Upload of File with Dangerous Type in Mozilo Mozilocms
7 Apr 202518:07
githubexploit
Circl
CVE-2024-44871
10 Sep 202420:06
circl
CNNVD
moziloCMS 安全漏洞
10 Sep 202400:00
cnnvd
Cvelist
CVE-2024-44871
10 Sep 202400:00
cvelist
Exploit DB
MoziloCMS 3.0 - Remote Code Execution (RCE)
27 Mar 202500:00
exploitdb
NVD
CVE-2024-44871
10 Sep 202417:15
nvd
OSV
CVE-2024-44871
10 Sep 202417:15
osv
Packet Storm
moziloCMS 3.0 Shell Upload
31 Mar 202500:00
packetstorm
Positive Technologies
PT-2024-31290 · Mozilocms · Mozilocms
10 Sep 202400:00
ptsecurity
RedhatCVE
CVE-2024-44871
23 May 202508:33
redhatcve
Rows per page
NVD
Vulnrichment
Node
ParameterPositionPathDescriptionCWE
files[]request bodymozilo3.0-3.0.1/admin/index.phpAuthenticated upload leads to arbitrary code execution via crafted JPG file uploaded to admin index and later renamed to PHP.CWE-434
curent_dirrequest bodymozilo3.0-3.0.1/admin/index.phpAuthenticated upload leads to arbitrary code execution via crafted JPG file uploaded to admin index and later renamed to PHP.CWE-434
chancefilesrequest bodymozilo3.0-3.0.1/admin/index.phpAuthenticated upload leads to arbitrary code execution via crafted JPG file uploaded to admin index and later renamed to PHP.CWE-434
actionrequest bodymozilo3.0-3.0.1/admin/index.phpAuthenticated upload leads to arbitrary code execution via crafted JPG file uploaded to admin index and later renamed to PHP.CWE-434
actionrequest bodymozilo3.0-3.0.1/admin/index.phpFile rename step enabling execution of uploaded PHP payload.CWE-434
newfilerequest bodymozilo3.0-3.0.1/admin/index.phpFile rename step enabling execution of uploaded PHP payload.CWE-434
orgfilerequest bodymozilo3.0-3.0.1/admin/index.phpFile rename step enabling execution of uploaded PHP payload.CWE-434
curent_dirrequest bodymozilo3.0-3.0.1/admin/index.phpFile rename step enabling execution of uploaded PHP payload.CWE-434
0query parammozilo3.0-3.0.1/kategorien/Willkommen/dateien/revshell.phpAccess to the uploaded PHP webshell to execute commands on the server.CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 07:53Current
7.8High risk
Vulners AI Score7.8
CVSS 3.17.2
EPSS0.16249
SSVC
226