CVE-2024-24350

HIGH

e-Sic Livre < 2.0 - Authenticated Remote Code Execution via Extension Filtering Bypass

Title source: llm

Description

File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.

References (2)

Core 2

Core References

Third Party Advisory

https://gist.github.com/viniciuspinheiros/4e53b297fd6466cf12d01867ee1c9c33

Exploit

https://medium.com/%40viniciuspinheiros/e-sic-livre-2-0-authenticated-file-upload-leads-to-remote-code-execution-rce-5937c9537258

Scores

CVSS v3 8.8

EPSS 0.0119

EPSS Percentile 64.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

softwarepublico/e-sic_livre < 2.0

Published Feb 08, 2024

Tracked Since Feb 18, 2026