CVE-2024-24350

HIGH

Softwarepublico E-sic Livre < 2.0 - Unrestricted File Upload

Title source: rule

Description

File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.

References (2)

Core 2

Core References

Third Party Advisory

https://gist.github.com/viniciuspinheiros/4e53b297fd6466cf12d01867ee1c9c33

Exploit

https://medium.com/%40viniciuspinheiros/e-sic-livre-2-0-authenticated-file-upload-leads-to-remote-code-execution-rce-5937c9537258

Scores

CVSS v3 8.8

EPSS 0.0187

EPSS Percentile 83.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

softwarepublico/e-sic_livre < 2.0

Published Feb 08, 2024

Tracked Since Feb 18, 2026