CVE-2024-58279

HIGH

appRain CMF 4.0.5 - Authenticated Remote Code Execution via Filemanager Upload

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-58279. PoCs published by Ahmet Ümit BAYRAM.

AI-analyzed exploit summary This exploit targets appRain CMF 4.0.5, leveraging authenticated file upload to achieve remote code execution. It logs in, uploads a malicious PHP shell disguised as an image, and provides a URL to execute arbitrary commands.

Description

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.

Exploits (1)

exploitdb WORKING POC
by Ahmet Ümit BAYRAM · pythonwebappsphp
https://www.exploit-db.com/exploits/52041

This exploit targets appRain CMF 4.0.5, leveraging authenticated file upload to achieve remote code execution. It logs in, uploads a malicious PHP shell disguised as an image, and provides a URL to execute arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: appRain CMF 4.0.5
Auth required
Prerequisites: Valid admin credentials · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.8
EPSS 0.0082
EPSS Percentile 52.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (2)
apprain/apprain 4.0.5
apprain/appRain CMF 4.0.5
Published Dec 10, 2025
Tracked Since Feb 18, 2026