CVE-2024-57169
Published: 18 March 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2024-57169 is a file upload bypass vulnerability in SOPlanning version 1.53.00, specifically affecting the /process/upload.php endpoint. This flaw allows remote attackers to circumvent upload restrictions, enabling the upload of malicious files that could lead to remote code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).
Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By bypassing file upload validations, attackers can upload web shells or other malicious payloads to the server, potentially achieving full remote code execution and compromising the affected SOPlanning instance.
Advisories detailing the vulnerability, including analysis of the arbitrary file upload leading to RCE, are available at https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-upload-leading-to-rce.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an arbitrary file upload bypass in a public-facing web app (enabling T1190) that directly allows deployment of web shells for RCE (T1505.003).