Overview
- Description: angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- Source: cve@mitre.org
- NVD status: Awaiting Analysis
- CNA Tags: unsupported-when-assigned
Risk scores
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Weaknesses
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-434
Social media
- Hype score: Not currently trending
Angular-base64-update Demo Script Exploited (CVE-2024-42640), (Tue, Oct 15th) https://t.co/rcm90QEUXl https://t.co/HXBL5D5ohG
@buaqbot
3 Nov 2024
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Angular-base64-update Demo Script Exploited (CVE-2024-42640) https://t.co/JfTfSJ4X6b https://t.co/a1RAzRW5B4
@sans_isc
1360 Impressions
1 Retweet
6 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: CVE-2024-42640: Unauthenticated Remote Code Execution via Angular-Base64-Upload CVE-2024-42640 Severity: ⚠️ Critical Maturity: 🧨 Trending Learn more: https://t.co/GtOO4GI4Kk #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
57 Impressions
1 Retweet
3 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨CVE-2024-42640: Unauthenticated Remote Code Execution via Angular-Base64-Upload Library https://t.co/ypa9Awh0bP
@DarkWebInformer
3834 Impressions
6 Retweets
29 Likes
4 Bookmarks
0 Replies
0 Quotes
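On CVE-2024-42640, an unauthenticated remote code execution vulnerability in Angular-Base64-Upload, and its PoC (proof-of-concept attack code). CVSS score 10. The bundled demo server.php is effectively an open uploader, so anything is possible. The remedy is to upgrade or delete the demo folder. https://t.co/ybm1ZG6kyq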
@__kokumoto
574 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes