CVE-2024-42640 Scanner
CVE-2024-42640 scanner - Remote Code Execution (RCE) vulnerability in Angular Base64 Upload
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
Angular Base64 Upload is a library that simplifies uploading base64-encoded files in AngularJS applications. It is commonly used by developers integrating file upload functionality into web applications and offers customizable, easy-to-implement file handling. Although efficient for its purpose, it has been deprecated and is no longer maintained; it nonetheless remains in use in legacy projects.
The CVE-2024-42640 vulnerability in Angular Base64 Upload allows an unauthenticated attacker to execute code remotely on the server. The issue stems from a misconfigured demo server endpoint (server.php) that permits arbitrary content to be uploaded. Successfully exploited, it enables attackers to upload executable files and subsequently execute them. This critical flaw poses severe risks, especially on unsupported systems that still use the library.
The vulnerability lies in the demo/server.php endpoint, which accepts file uploads without authentication or validation. Attackers can send a base64-encoded payload alongside a crafted file name to this endpoint. Uploaded files are stored in the demo/uploads directory, where they remain executable by default. The lack of validation on file types and the absence of access restrictions further exacerbate the risk. Successful exploitation allows the attacker to execute PHP scripts, gaining complete control over the server.
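As an added example (not from the original page or the S4E scanner), the following Python script looks in web server access logs for the two indicators the description above implies: POST requests to demo/server.php and subsequent requests for server-executable files under demo/uploads. The log lines, client addresses and file names are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined/common log format: host ident user [time] "METHOD PATH PROTO" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Extensions a PHP-enabled web server may execute; the advisory notes that
# files in demo/uploads remain executable, so any such file there is a red flag.
EXECUTABLE_EXT = (".php", ".phtml", ".phar", ".php5", ".php7")


def classify(line):
    """Return a finding label for one access-log line, or None if benign."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0].lower()
    if m.group("method") == "POST" and path.endswith("/demo/server.php"):
        return "upload_to_demo_endpoint"
    if "/demo/uploads/" in path and path.endswith(EXECUTABLE_EXT):
        return "executable_fetched_from_uploads"
    return None


def scan(lines):
    """Group findings by client host so upload-then-execute pairs stand out."""
    findings = defaultdict(list)
    for line in lines:
        label = classify(line)
        if label:
            findings[LOG_RE.match(line).group("host")].append(label)
    return dict(findings)


# Constructed sample log (RFC 5737 documentation addresses, made-up file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2024:13:55:36 +0000] "POST /demo/server.php HTTP/1.1" 200 12',
    '198.51.100.7 - - [10/Oct/2024:13:55:38 +0000] "GET /demo/uploads/a.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2024:13:56:01 +0000] "GET /demo/uploads/photo.png HTTP/1.1" 200 4096',
    '203.0.113.5 - - [10/Oct/2024:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for host, labels in scan(SAMPLE_LOG).items():
        print(host, labels)
```

A host that shows both labels in short succession is the pattern worth investigating first; a lone POST to the demo endpoint may still be a probe and should prompt checking whether demo/server.php is reachable at all.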
Possible Effects:
- Full server compromise due to unauthorized remote code execution.
- Deployment of malware or backdoors on the server.
- Extraction of sensitive data from the compromised server.
- Possible pivoting to other parts of the network, escalating the attack scope.
With S4E, protect your digital assets from critical vulnerabilities like CVE-2024-42640. Gain peace of mind with proactive monitoring, automated scanning, and in-depth reports tailored to your organization's security needs. By becoming a member, you access a comprehensive cybersecurity toolkit that helps mitigate risks effectively. Stay ahead of potential threats and safeguard your systems with our easy-to-use platform.