CVE-2024-50660

CVE-2024-50660 is a critical file upload bypass vulnerability in AdPortal 3.0.39, enabling remote attackers to execute arbitrary code through the file upload functionality. Assigned CWE-94 (code injection), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, lack of required privileges or user interaction, and potential for complete compromise of confidentiality, integrity, and availability.

Any unauthenticated remote attacker can exploit this vulnerability by uploading malicious files via the affected functionality, leading to arbitrary code execution on the server. The attack requires no special privileges or user interaction, making it highly practical for widespread exploitation against exposed AdPortal 3.0.39 instances.

Mitigation details are available in vendor advisories and related documents, including resources at http://adportal.com, http://ipublish.com, and https://petercipolone.info/wp-content/uploads/2025/01/iPublishMedia_AdPortal3.0.39_CVEs.pdf, which security practitioners should review for patching instructions, workarounds, or configuration changes. The vulnerability was published on 2025-01-07.