Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2024-44871

🗓️ 10 Sep 2024 00:00:00Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 207 Views🌐 WEB

Arbitrary file upload vulnerability in moziloCMS v3.

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Unrestricted Upload of File with Dangerous Type in Mozilo Mozilocms
7 Apr 202518:07
githubexploit
Circl		CVE-2024-44871
10 Sep 202420:06
circl
CNNVD		moziloCMS 安全漏洞
10 Sep 202400:00
cnnvd
Cvelist		CVE-2024-44871
10 Sep 202400:00
cvelist
Exploit DB		MoziloCMS 3.0 - Remote Code Execution (RCE)
27 Mar 202500:00
exploitdb
NVD		CVE-2024-44871
10 Sep 202417:15
nvd
OSV		CVE-2024-44871
10 Sep 202417:15
osv
Packet Storm		moziloCMS 3.0 Shell Upload
31 Mar 202500:00
packetstorm
Positive Technologies		PT-2024-31290 · Mozilocms · Mozilocms
10 Sep 202400:00
ptsecurity
RedhatCVE		CVE-2024-44871
23 May 202508:33
redhatcve
Rows per page
NVD
Vulnrichment
Node
mozilomozilocmsMatch3.0
ParameterPositionPathDescriptionCWE
files[]request body/mozilo3.0-3.0.1/admin/index.phpAuthenticated arbitrary file upload to /admin/index.php leading to code execution via subsequent PHP file rename.CWE-434
curent_dirrequest body/mozilo3.0-3.0.1/admin/index.phpAuthenticated arbitrary file upload to /admin/index.php leading to code execution via subsequent PHP file rename.CWE-434
chancefilesrequest body/mozilo3.0-3.0.1/admin/index.phpAuthenticated arbitrary file upload to /admin/index.php leading to code execution via subsequent PHP file rename.CWE-434
actionrequest body/mozilo3.0-3.0.1/admin/index.phpAuthenticated arbitrary file upload to /admin/index.php leading to code execution via subsequent PHP file rename.CWE-434
Newfile? mayberequest body/mozilo3.0-3.0.1/admin/index.phpAuthenticated arbitrary file upload to /admin/index.php leading to code execution via subsequent PHP file rename.CWE-434
actionrequest body/mozilo3.0-3.0.1/admin/index.phpFile rename operation in the admin panel that can be abused to convert a uploaded file into a PHP payload enabling RCE.CWE-434
newfilerequest body/mozilo3.0-3.0.1/admin/index.phpFile rename operation in the admin panel that can be abused to convert a uploaded file into a PHP payload enabling RCE.CWE-434
orgfilerequest body/mozilo3.0-3.0.1/admin/index.phpFile rename operation in the admin panel that can be abused to convert a uploaded file into a PHP payload enabling RCE.CWE-434
curent_dirrequest body/mozilo3.0-3.0.1/admin/index.phpFile rename operation in the admin panel that can be abused to convert a uploaded file into a PHP payload enabling RCE.CWE-434
changeartrequest body/mozilo3.0-3.0.1/admin/index.phpFile rename operation in the admin panel that can be abused to convert a uploaded file into a PHP payload enabling RCE.CWE-434
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Sep 2024 15:28Current
7.8High risk
Vulners AI Score7.8
CVSS 3.17.2
EPSS0.29416
SSVC
CWE-434
arbitrary file uploadmozilocms v3.0component vulnerabilityarbitrary code executioncrafted file upload
207