angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 15 Oct 2024 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Angular-base64-upload-project, Angular-base64-upload-project angular-base64-upload |
| Weaknesses | | CWE-434 |
| CPEs | | cpe:2.3:a:angular-base64-upload-project:angular-base64-upload:*:*:*:*:*:*:*:* |
| Vendors & Products | | Angular-base64-upload-project, Angular-base64-upload-project angular-base64-upload |
| Metrics | | cvssV3_1: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Fri, 11 Oct 2024 15:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-10-15T16:15:15.198Z

Reserved: 2024-08-05T00:00:00

Link: CVE-2024-42640

Vulnrichment

Updated: 2024-10-15T16:15:06.757Z

NVD

Status: Awaiting Analysis

Published: 2024-10-11T16:15:08.040

Modified: 2024-10-15T17:35:04.623

Link: CVE-2024-42640

Redhat

No data.

OpenCVE Enrichment

No data.