CVE-2024-48760

CRITICAL

GestioIP 3.5.7 - Remote Code Execution via Malicious File Upload

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-48760. PoCs published by Maximiliano Belino, maxibelino, odeez24, including Metasploit module exploits/multi/http/gestioip_rce.

AI-analyzed exploit summary This exploit targets CVE-2024-48760 in GestioIP 3.5.7, achieving RCE by uploading a malicious Perl CGI script via an authenticated API endpoint. The script then executes arbitrary commands, including a reverse shell payload.

Description

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.

Exploits (2)

exploitdb WORKING POC

by Maximiliano Belino · textremotemultiple

https://www.exploit-db.com/exploits/52204

View Code ZIP pw:eip

This exploit targets CVE-2024-48760 in GestioIP 3.5.7, achieving RCE by uploading a malicious Perl CGI script via an authenticated API endpoint. The script then executes arbitrary commands, including a reverse shell payload.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GestioIP v3.5.7

Auth required

Prerequisites: Valid credentials for GestioIP · Network access to the target API endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell T1059.004 - Unix Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by maxibelino, odeez24 · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gestioip_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits a file upload vulnerability in GestioIP 3.5.7, allowing remote command execution via a malicious Perl script. It supports both authenticated and unauthenticated exploitation depending on the target configuration.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: GestioIP 3.5.7

Auth required

Prerequisites: Admin credentials (if authentication is enabled) · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 14, 2026 Full analysis →

References (3)

Core 3

Core References

Product

http://www.gestioip.net/index.html

Exploit, Third Party Advisory

https://github.com/maxibelino/CVEs/tree/main/CVE-2024-48760

View Exploit ZIP pw:eip

Product

https://github.com/muebel/gestioip-docker-compose

Scores

CVSS v3 9.8

EPSS 0.7091

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

gestioip/gestioip 3.5.7

Published Jan 14, 2025

Tracked Since Feb 18, 2026