What is CVE-2024-57487?

CVE-2024-57487 is a vulnerability in N/a. Published 2025-01-13.

Is CVE-2024-57487 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server.

EPSS: 0.579 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488
rapid7/metasploit-framework
ARPSyndicate/cve-scores

References

code-projects.org/online-car-rental-using-php-source-code/
github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488

Frequently asked questions

What is CVE-2024-57487?: CVE-2024-57487 is a vulnerability in N/a. Published 2025-01-13.
Is CVE-2024-57487 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.