CVE-2024-57968

CRITICAL 9.9 (CVSS 3.1)
2025-02-03

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:07 (vuln.today)
Added to CISA KEV: Nov 04, 2025 - 16:38 (cisa)
PoC Detected: Nov 04, 2025 - 16:38 (vuln.today), public exploit code
CVE Published: Feb 03, 2025 - 20:15 (nvd), CRITICAL 9.9

Description

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

Analysis

Advantive VeraCore warehouse management system allows authenticated users to upload files to unintended directories, enabling web shell deployment through the upload.aspx endpoint.

Technical Context

The CWE-434 unrestricted file upload in upload.aspx allows path manipulation to write files to web-accessible directories outside the intended upload folder. Authenticated users can upload ASPX web shells that execute with the application's privileges.

Affected Products

Advantive VeraCore before 2024.4.2.1

Remediation

Update VeraCore to 2024.4.2.1 or later. Restrict upload functionality. Scan web directories for unauthorized ASPX files. Monitor IIS logs for web shell access patterns.
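
One way to carry out the IIS log monitoring step, as an added example that is not part of the original advisory or of VeraCore: it flags .aspx pages that are first requested shortly after a successful POST to upload.aspx by the same client. The log lines, every path other than the upload.aspx file name, the function names and the 15-minute window are constructed assumptions, and the log must carry the W3C fields shown in the sample.

```python
from datetime import datetime, timedelta

# Constructed sample in IIS W3C extended format (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2025-01-10 09:00:01 GET /app/home.aspx - 198.51.100.7 Mozilla/5.0 200
2025-01-10 09:00:05 GET /app/home.aspx - 198.51.100.9 Mozilla/5.0 200
2025-01-10 09:12:30 POST /app/upload.aspx - 203.0.113.50 Mozilla/5.0 200
2025-01-10 09:12:41 GET /app/images/thumb.aspx - 203.0.113.50 Mozilla/5.0 200
2025-01-10 09:13:02 POST /app/images/thumb.aspx - 203.0.113.50 Mozilla/5.0 200
2025-01-10 09:20:00 GET /app/home.aspx - 198.51.100.7 Mozilla/5.0 200
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def suspicious_after_upload(text, window=timedelta(minutes=15)):
    """Return (stem, client_ip, first_seen) for .aspx pages whose first successful
    request in the log follows a successful upload.aspx POST by the same client."""
    uploads = {}   # client IP -> time of its most recent successful upload POST
    seen = set()   # .aspx stems already served successfully earlier in the log
    hits = []
    for r in parse_w3c(text):
        stem = r["cs-uri-stem"].lower()
        ts = datetime.strptime(r["date"] + " " + r["time"], "%Y-%m-%d %H:%M:%S")
        ok = r["sc-status"].startswith("2")
        if stem.endswith("/upload.aspx"):
            if r["cs-method"] == "POST" and ok:
                uploads[r["c-ip"]] = ts
        elif stem.endswith(".aspx") and ok and stem not in seen:
            seen.add(stem)
            last = uploads.get(r["c-ip"])
            if last is not None and ts - last <= window:
                hits.append((stem, r["c-ip"], ts.isoformat(sep=" ")))
    return hits

if __name__ == "__main__":
    for hit in suspicious_after_upload(SAMPLE_LOG):
        print("review:", hit)
```

"First seen" is relative to the start of the log being read, so feed it enough history (or seed `seen` from a known-good page inventory) to keep legitimate pages out of the results.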

Priority Score

164
KEV: +50
EPSS: +44.2
CVSS: +50
POC: +20
