CVE-2024-44849

CRITICAL EXPLOITED NUCLEI

Qualitor <= 8.24 - Remote Code Execution via Arbitrary File Upload in checkAcesso.php

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2024-44849 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including extencil. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository lacks actual exploit code and only provides a README with vague descriptions and external image links. It mentions a critical RCE vulnerability via Unrestricted File Upload but does not include technical details or functional exploit code.

Description

Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.

Exploits (1)

nomisec SUSPICIOUS 5 stars
by extencil · remote
https://github.com/extencil/CVE-2024-44849

The repository lacks actual exploit code and only provides a README with vague descriptions and external image links. It mentions a critical RCE vulnerability via Unrestricted File Upload but does not include technical details or functional exploit code.

Classification
Suspicious 80%
Attack Type
Rce
Complexity
Theoretical
Reliability
Theoretical
Target: Qualitor 8.24 and previous versions
No auth needed
Prerequisites: Access to the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →

Nuclei Templates (1)

Qualitor <= 8.24 - Remote Code Execution
CRITICALVERIFIEDby s4e-io
FOFA: Qualitor

References (3)

Core 3

Scores

CVSS v3 9.8
EPSS 0.4564
EPSS Percentile 98.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2024-10-08
CWE
CWE-434
Status published
Products (2)
qualitor/qualitor 8.20
qualitor/qualitor 8.24
Published Sep 09, 2024
Tracked Since Feb 18, 2026