CVE-2024-52302

This exploit demonstrates an unrestricted file upload vulnerability in a Java Spring Boot application, allowing authenticated users to upload malicious files (e.g., .jsp, .php) leading to Remote Code Execution (RCE). The script automates login and file upload to the vulnerable endpoint.

This repository contains a functional exploit for CVE-2024-52302, an unrestricted file upload vulnerability in the Common-User-Management Spring Boot application. The exploit demonstrates how to authenticate and upload a malicious file to achieve Remote Code Execution (RCE).

This repository contains a functional proof-of-concept for CVE-2024-52302, demonstrating an arbitrary file upload vulnerability in a Spring Boot application. The `CustomerController` allows unrestricted file uploads to `/tmp/`, which can lead to remote code execution if the uploaded file is executable.