CVE Catalog

CVE-2024-50660

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.87%

54th percentile - higher than 54% of all known CVEs

Summary

A file upload bypass vulnerability in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality.

Risk Assessment

An attacker can upload a malicious file and gain full control over the server, leading to compromise of data confidentiality, integrity, and availability.

Recommendation

Immediately update AdPortal to the latest version and implement file type validation and permission restrictions on the upload directory.

Original NVD description (English source)

File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality

Vulnerability data from NVD (NIST) · CISA KEV · EPSS