CVE-2024-44871

HIGH

moziloCMS 3.0 - Unauthenticated Arbitrary File Upload via Admin Index

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-44871. PoCs published by Olakojo Olaoluwa Joshua, vances25.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in MoziloCMS 3.0, allowing an authenticated attacker to upload a malicious .JPG file containing PHP code and rename it to .PHP for remote code execution.

Description

An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.

Exploits (2)

exploitdb WORKING POC
by Olakojo Olaoluwa Joshua · webapps · php
https://www.exploit-db.com/exploits/52096

This exploit demonstrates an arbitrary file upload vulnerability in MoziloCMS 3.0, allowing an authenticated attacker to upload a malicious .JPG file containing PHP code and rename it to .PHP for remote code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: MoziloCMS 3.0
Auth required
Prerequisites: Authenticated access to the admin panel · Ability to upload files · Ability to rename files
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by vances25 · poc
https://github.com/vances25/CVE-2024-44871

This repository contains a functional exploit for CVE-2024-44871, an authenticated RCE vulnerability in MoziloCMS <= 3.0.1. The exploit uploads a PHP web shell disguised as a JPG file, renames it to a PHP file, and executes system commands via the uploaded shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MoziloCMS <= 3.0.1
Auth required
Prerequisites: Valid admin credentials · Access to the admin panel
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 7.2
EPSS: 0.1625
EPSS Percentile: 96.5%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-434
Status: published
Products (1): mozilo/mozilocms 3.0
Published: Sep 10, 2024
Tracked Since: Feb 18, 2026