CVE-2024-37762

CRITICAL

MachForm < 21 - Authenticated Unrestricted File Upload leading to Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-37762. PoCs published by Atreb92.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2024-37762, an authenticated unrestricted file upload vulnerability in MachForm up to version 21, leading to remote code execution. It includes a step-by-step breakdown of the exploit process, HTTP request examples, and file path construction details.

Description

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution.

Exploits (1)

nomisec WRITEUP 1 stars
by Atreb92 · poc
https://github.com/Atreb92/cve-2024-37762

Classification
Writeup 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MachForm up to version 21
Auth required
Prerequisites: Form creation rights in MachForm · Form with file upload functionality enabled · PHP format whitelisted in the form
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://github.com/Atreb92/cve-2024-37762

Scores

CVSS v3 9.9
EPSS 0.0146
EPSS Percentile 70.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-434
Status published
Products (1)
machform/machform < 21
Published Jul 01, 2024
Tracked Since Feb 18, 2026