CVE-2024-42640

CRITICAL EXPLOITED NUCLEI

angular-base64-upload <v0.1.21 - RCE


Exploitation Summary

CVE-2024-42640 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including Ravindu Wickramasinghe, rvzsec, rvizx. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit targets CVE-2024-42640, an unauthenticated RCE vulnerability in the Angular-Base64-Upload library prior to v0.1.21. It uploads a malicious PHP payload via base64 encoding to a vulnerable server endpoint, enabling remote command execution or a reverse shell.

Description

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Exploits (5)

exploitdb WORKING POC
by Ravindu Wickramasinghe · python · webapps · multiple
https://www.exploit-db.com/exploits/52253

This exploit targets CVE-2024-42640, an unauthenticated RCE vulnerability in the Angular-Base64-Upload library prior to v0.1.21. It uploads a malicious PHP payload via base64 encoding to a vulnerable server endpoint, enabling remote command execution or a reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: angular-base64-upload < 0.1.21
No auth needed
Prerequisites: Target must be using vulnerable version of angular-base64-upload · Access to the server's upload endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Ravindu Wickramasinghe · python · remote · multiple
https://www.exploit-db.com/exploits/52121

This exploit targets CVE-2024-42640, an unauthenticated RCE vulnerability in the Angular-Base64-Upload library prior to v0.1.21. It uploads a PHP reverse shell via a base64-encoded payload to a vulnerable endpoint and triggers execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: angular-base64-upload < 0.1.21
No auth needed
Prerequisites: Target must have the vulnerable library installed · Network access to the target server · Listener set up for reverse shell
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 27 stars
by rvzsec · poc
https://github.com/rvzsec/CVE-2024-42640

This repository contains a functional exploit for CVE-2024-42640, an unauthenticated RCE vulnerability in the Angular-Base64-Upload library prior to v0.1.21. The exploit uploads a malicious PHP payload via the vulnerable server.php endpoint and provides either a reverse shell or command shell interface.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: angular-base64-upload < v0.1.21
No auth needed
Prerequisites: Target must have the vulnerable angular-base64-upload library installed with the demo directory accessible
devstral-2 · analyzed Jun 01, 2026

nomisec WORKING POC 26 stars
by rvizx · remote
https://github.com/rvizx/CVE-2024-42640

This repository contains a functional exploit for CVE-2024-42640, an unauthenticated remote code execution vulnerability in the `angular-base64-upload` library prior to v0.1.21. The exploit leverages a file upload vulnerability in the `demo/server.php` endpoint to achieve RCE via a PHP web shell or reverse shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: angular-base64-upload < v0.1.21
No auth needed
Prerequisites: Target must have the vulnerable `angular-base64-upload` library installed with the demo folder accessible · Network access to the target server
devstral-2 · analyzed Feb 18, 2026

nomisec WORKING POC 3 stars
by KTN1990 · poc
https://github.com/KTN1990/CVE-2024-42640

The repository contains a functional Python exploit for CVE-2024-42640, which targets an unauthenticated RCE vulnerability in the angular-base64-upload library (versions < 0.1.21). The exploit uploads a malicious PHP shell via the vulnerable endpoint and verifies its execution by checking for a specific string in the response.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: angular-base64-upload < 0.1.21
No auth needed
Prerequisites: Target server running vulnerable version of angular-base64-upload · Network access to the target server
devstral-2 · analyzed Feb 18, 2026

Nuclei Templates (1)

Angular-Base64-Upload - Remote Code Execution
CRITICAL · by s4e-io

Scores

CVSS v3 9.8
EPSS 0.8694
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2024-10-14
CWE CWE-434
Status published
Products (1)
npm/angular-base64-upload 0 - 0.1.21 (npm)
Published Oct 11, 2024
Tracked Since Feb 18, 2026