What is CVE-2024-42640?

CVE-2024-42640 is a vulnerability in N/a. Published 2024-10-11.

Is CVE-2024-42640 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-42640

angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be access…

EPSS: 0.892 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rvizx/CVE-2024-42640
rvzsec/CVE-2024-42640
KTN1990/CVE-2024-42640
20142995/nuclei-templates
cyb3r-w0lf/nuclei-template-collection
nomi-sec/PoC-in-GitHub

References

github.com/adonespitogo/angular-base64-upload
www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html

Frequently asked questions

What is CVE-2024-42640?: CVE-2024-42640 is a vulnerability in N/a. Published 2024-10-11.
Is CVE-2024-42640 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.