What is the CVSS score of CVE-2024-57968?

CVE-2024-57968 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H. EPSS exploitation probability: 44.2%.

Which versions of Veracore are affected by CVE-2024-57968?

Organizations using Advantive VeraCore before 2024.4.2.1 face critical risk from CVE-2024-57968, a unrestricted file upload vulnerability rated CVSS 9.9.

Is there a public PoC exploit available for CVE-2024-57968?

Yes, a public proof-of-concept exploit is available for CVE-2024-57968. Prioritise patching immediately. EPSS: 44.2%.

How to fix or mitigate CVE-2024-57968?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Review file handling controls and restrict upload directories.

Veracore CVE-2024-57968

CRITICAL

Unrestricted Upload of File with Dangerous Type (CWE-434)

2025-02-03 cve@mitre.org

File Upload Veracore

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:07 vuln.today

Added to CISA KEV

Nov 04, 2025 - 16:38 cisa

CISA KEV

PoC Detected

Nov 04, 2025 - 16:38 vuln.today

Public exploit code

CVE Published

Feb 03, 2025 - 20:15 nvd

CRITICAL 9.9

DescriptionNVD

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders (e.g., ones that are accessible during web browsing by other users). upload.aspx can be used for this.

AnalysisAI

Advantive VeraCore warehouse management system allows authenticated users to upload files to unintended directories, enabling web shell deployment through the upload.aspx endpoint.

Technical ContextAI

The CWE-434 unrestricted file upload in upload.aspx allows path manipulation to write files to web-accessible directories outside the intended upload folder. Authenticated users can upload ASPX web shells that execute with the application's privileges.

RemediationAI

Update VeraCore. Restrict upload functionality. Scan web directories for unauthorized ASPX files. Monitor IIS logs for web shell access patterns.

CVE-2024-57968 vulnerability details – vuln.today

Back

Veracore CVE-2024-57968

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code