Cyber Posture

CVE-2024-51319

Severity: High · Public PoC available

Published: 11 March 2025
Modified: 28 May 2025
KEV Added: (none)
Patch: (none listed)
CVSS Score: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L)
EPSS Score: 0.0057 (68.8th percentile)
Risk Priority: 15 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Security Summary

CVE-2024-51319 is a local file inclusion vulnerability (CWE-98) in the /servlet/Report component of Zucchetti Ad Hoc Infinity 2.4. An authenticated attacker first uploads a JSP web shell or reverse shell through the /jsp/zimg_upload.jsp endpoint, then points the include flaw in /servlet/Report at the uploaded file so the servlet container executes it, which yields remote code execution on the application server.

The vector rates the attack as local (AV:L) with low privileges (PR:L), low complexity (AC:L), no user interaction (UI:N) and unchanged scope (S:U), with high confidentiality and integrity impact and low availability impact (C:H/I:H/A:L), for a CVSS v3.1 base score of 7.3. One caveat for anyone triaging this: AV:L sits oddly with an attack that is carried out entirely through HTTP endpoints. If the application is reachable over the network, treat 7.3 as a floor; the same vector with AV:N computes to 8.3.
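The upload step is where this chain is cheapest to break. The following is an added example, not the vendor's code and not taken from the advisory: a server-side validator of the kind an image-upload endpoint such as /jsp/zimg_upload.jsp needs so that a .jsp file (or a .jsp disguised by a double extension, traversal or a NUL byte) is never written where the container can execute it. The allowlist, magic bytes and function names are assumptions chosen for illustration; the page does not describe the vendor's fix.

```python
"""Added example (not from the advisory or the vendor): hardening the
filename and content checks of an image upload endpoint so that a JSP
web shell cannot be stored. Policy values below are assumptions."""
import os
import posixpath

# Assumed allowlist: the endpoint name suggests it only needs to accept images.
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}

# Leading bytes of the image formats we accept, mapped to the extension they imply.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}


def validate_image_upload(filename, data):
    """Return the sanitized basename to store, or raise ValueError.

    Rejects: traversal components, NUL and control characters, any
    extension outside the allowlist, double extensions (shell.jsp.png,
    shell.png.jsp) and content that does not match the claimed type.
    """
    # 1. Keep only the final path component; treat backslashes as separators too.
    base = posixpath.basename(filename.replace("\\", "/"))
    if not base or base in (".", "..") or any(ord(c) < 32 for c in base):
        raise ValueError("invalid filename")

    # 2. Exactly one extension, and it must be on the allowlist. Refusing any
    #    extra dot in the stem is deliberately strict: it also blocks
    #    "shell.jsp.png"-style names that some servers map to JSP.
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_EXT or "." in stem or not stem:
        raise ValueError("extension not allowed")

    # 3. The bytes must really be the image type the extension claims.
    sniffed = next((t for magic, t in MAGIC.items() if data.startswith(magic)), None)
    expected = ".jpg" if ext == ".jpeg" else ext
    if sniffed != expected:
        raise ValueError("content does not match extension")
    return base


def is_rejected(filename, data):
    """Convenience wrapper for tests and quick checks: True if the upload is refused."""
    try:
        validate_image_upload(filename, data)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16          # constructed PNG header
    jsp = b"<%@ page import=\"java.io.*\" %>"           # constructed JSP prologue
    for name, body in [("logo.png", png), ("shell.jsp", jsp), ("shell.jsp.png", png),
                       ("shell.png", jsp), ("shell.png\x00.jsp", png), ("../x.png", png)]:
        print(f"{name!r:22} rejected={is_rejected(name, body)}")
```

Even with this check in place, the stored files belong outside the servlet context's document root, served back through a handler that sets a fixed image Content-Type, so that a bypass of the filter still does not give the container anything to execute.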

Mitigation details are available in the advisory from BackBox at https://members.backbox.org/zucchetti-ad-hoc-infinity-multiple-vulnerabilities/. The CVE was published on 2025-03-11T15:15:42.313.

Details

CWE(s)
CWE-98

Affected Products

Zucchetti Ad Hoc Infinity 2.4

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The chain is web-borne end to end: the authenticated upload through /jsp/zimg_upload.jsp followed by inclusion through /servlet/Report exploits the public-facing application itself (T1190), and the JSP file that remains on the server afterwards is a web shell that gives the attacker persistent access (T1505.003).
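Because both halves of the chain leave HTTP requests behind, the pairing above is also what a detection should key on. The following is an added example, not part of the Cyber Posture page or the BackBox advisory: a small hunt over web-server access logs that flags a client which POSTs to /jsp/zimg_upload.jsp and, within a short window, requests /servlet/Report with a traversal sequence or a .jsp reference in the query string. The log lines are constructed, and the parameter name /servlet/Report takes (written as file= here) is a guess; the advisory does not name it, so the check matches on the query string as a whole rather than on a specific parameter.

```python
"""Added example (not from the page or vendor): correlate upload-endpoint
POSTs with suspicious /servlet/Report requests per client IP.
The access-log lines are constructed; the Report query parameter is assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache/Tomcat common log format (one benign and one
# suspicious client, plus a client that uploads but never hits the include).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2025:10:01:02 +0000] "GET /jsp/home.jsp HTTP/1.1" 200 5120
10.0.0.9 - - [12/Mar/2025:10:02:10 +0000] "POST /jsp/zimg_upload.jsp HTTP/1.1" 200 311
10.0.0.9 - - [12/Mar/2025:10:02:14 +0000] "GET /servlet/Report?file=../uploads/x.jsp HTTP/1.1" 200 88
10.0.0.7 - - [12/Mar/2025:10:05:00 +0000] "POST /jsp/zimg_upload.jsp HTTP/1.1" 200 311
10.0.0.7 - - [12/Mar/2025:10:40:00 +0000] "GET /servlet/Report?id=42 HTTP/1.1" 200 9001
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
UPLOAD_PATH = "/jsp/zimg_upload.jsp"
REPORT_PATH = "/servlet/Report"
# Heuristic: traversal (raw or percent-encoded) or a .jsp reference in the query.
SUSPICIOUS_ARG = re.compile(r"(\.\./|\.\.\\|%2e%2e|\.jsp\b)", re.IGNORECASE)


def parse(log_text):
    """Yield one dict per parseable common-log line, in file order."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": m["method"],
            "path": m["path"],
            "status": int(m["status"]),
        }


def find_chains(log_text, window=timedelta(minutes=10)):
    """Return (ip, upload_ts_iso, report_request) for each client that POSTs to
    the upload endpoint and within `window` requests /servlet/Report with a
    suspicious query string. Assumes the log is in chronological order."""
    uploads = defaultdict(list)
    hits = []
    for ev in parse(log_text):
        path_only = ev["path"].partition("?")[0]
        if ev["method"] == "POST" and path_only == UPLOAD_PATH:
            uploads[ev["ip"]].append(ev["ts"])
        elif path_only == REPORT_PATH:
            query = ev["path"].partition("?")[2]
            if not SUSPICIOUS_ARG.search(query):
                continue
            for up_ts in uploads[ev["ip"]]:
                if timedelta(0) <= ev["ts"] - up_ts <= window:
                    hits.append((ev["ip"], up_ts.isoformat(), ev["path"]))
                    break
    return hits


if __name__ == "__main__":
    for ip, up_ts, req in find_chains(SAMPLE_LOG):
        print(f"possible CVE-2024-51319 chain from {ip}: upload at {up_ts}, then {req}")
```

On a real deployment, extend the second half of the correlation with the application's own audit trail for the Report servlet if it has one, and treat any .jsp file appearing in the upload directory as a confirmed web shell regardless of whether a matching log pair is found; the log heuristic is a starting point, not a guarantee.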

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
