CVE-2024-39069

HIGH

Ifood Order Manager <3.35.5 - Code Injection

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-39069. PoCs published by AungSoePaing.

AI-analyzed exploit summary: This repository describes a DLL hijacking vulnerability in ifood Order Manager's 'Gestor de Peddios.exe'. An attacker can place a malicious 'd3d12.dll' in a directory searched by the application, leading to arbitrary code execution when the application is launched.

Description

An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack.

Exploits (1)

nomisec WORKING POC
by AungSoePaing · poc
https://github.com/AungSoePaing/CVE-2024-39069

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ifood Order Manager 'Gestor de Peddios.exe'
No auth needed
Prerequisites: Ability to place a malicious DLL in a directory searched by the application · Low-level user access to transfer the DLL
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 7.8
EPSS: 0.0056
EPSS Percentile: 42.5%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-491
Status: published
Published: Jul 09, 2024
Tracked Since: Feb 18, 2026