CVE-2024-40110

CRITICAL

Sourcecodester Poultry Farm Management System v1.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-40110. PoCs published by thiagosmith, AnGrY-Althaf, Abdurahmon3236.

Description

Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php.

Exploits (3)

nomisec WORKING POC 4 stars
by thiagosmith · poc
https://github.com/thiagosmith/CVE-2024-40110

This repository contains a functional exploit for CVE-2024-40110, targeting Poultry Farm Management System v1.0. The exploit uploads a PHP web shell via a vulnerable file upload endpoint and provides an interactive shell for remote command execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Poultry Farm Management System v1.0
No auth needed
Prerequisites: Network access to the vulnerable web application · Vulnerable endpoint accessible at /farm/product.php
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC
by AnGrY-Althaf · poc
https://github.com/AnGrY-Althaf/CVE-2024-40110

This repository contains a functional exploit for CVE-2024-40110, targeting an unauthenticated file upload vulnerability in Poultry Farm Management System v1.0. The exploit uploads a malicious PHP file disguised as an image, achieving remote code execution via the `/paultry/farm/product.php` endpoint.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Poultry Farm Management System v1.0
No auth needed
Prerequisites: Network access to the vulnerable server · Python 3.7+ with `requests` and `colorama` libraries
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC
by Abdurahmon3236 · poc
https://github.com/Abdurahmon3236/CVE-2024-40110

This repository contains a functional Python script demonstrating an unauthenticated remote code execution (RCE) vulnerability in Sourcecodester Poultry Farm Management System v1.0 via the `productimage` parameter in `/farm/product.php`. The PoC sends a malicious PHP payload to execute arbitrary commands on the server.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Poultry Farm Management System v1.0
No auth needed
Prerequisites: Python 3.x · requests library · target URL with vulnerable endpoint
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 9.8
EPSS: 0.0191
EPSS Percentile: 77.0%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total

Details

CWE: CWE-77
Status: published
Products (1): nikhil-bhalerao/poultry_farm_management_system 1.0
Published: Jul 12, 2024
Tracked Since: Feb 18, 2026