CVE-2024-31777

CRITICAL

openeclass <3.15 - RCE

Title source: llm

Description

File Upload vulnerability in openeclass v.3.15 and before allows an attacker to execute arbitrary code via a crafted file to the certbadge.php endpoint.

Exploits (2)

exploitdb WORKING POC
by George Tsimpidas · textwebappsphp
https://www.exploit-db.com/exploits/51975
nomisec WORKING POC 1 stars
by FreySolarEye · poc
https://github.com/FreySolarEye/Exploit-CVE-2024-31777

References (1)

Scores

CVSS v3 9.8
EPSS 0.3039
EPSS Percentile 96.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
openeclass/openeclass < 3.15
Published Jun 13, 2024
Tracked Since Feb 18, 2026