Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-37762

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Jul, 2024 | 00:00
Updated At-02 Aug, 2024 | 03:57
Rejected At-
Credits

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Jul, 2024 | 00:00
Updated At:02 Aug, 2024 | 03:57
Rejected At:
▼CVE Numbering Authority (CNA)

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Atreb92/cve-2024-37762
N/A
Hyperlink: https://github.com/Atreb92/cve-2024-37762
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
machform
Product
machform
CPEs
  • cpe:2.3:a:machform:machform:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 21 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434 Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434 Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/Atreb92/cve-2024-37762
x_transferred
Hyperlink: https://github.com/Atreb92/cve-2024-37762
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Jul, 2024 | 22:15
Updated At:30 Apr, 2025 | 16:37

MachForm up to version 21 is affected by an authenticated unrestricted file upload which leads to a remote code execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CPE Matches
machform
machform
>>machform>>Versions before 21(exclusive)
cpe:2.3:a:machform:machform:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-434Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-434
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Atreb92/cve-2024-37762cve@mitre.org
Exploit
Third Party Advisory
https://github.com/Atreb92/cve-2024-37762af854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
Hyperlink: https://github.com/Atreb92/cve-2024-37762
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://github.com/Atreb92/cve-2024-37762
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

117Records found
CVE-2023-34385
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.31% / 53.90%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 18:44
Updated-02 Aug, 2024 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Export Import Menus Plugin <= 1.8.0 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in Akshay Menariya Export Import Menus.This issue affects Export Import Menus: from n/a through 1.8.0.

Action-Not Available
Vendor-akshaymenariyaAkshay Menariya
Product-export_import_menusExport Import Menus
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-34007
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.31% / 53.90%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 18:49
Updated-02 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Download Monitor Plugin <= 4.8.3 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.3.

Action-Not Available
Vendor-wpchillWPChill
Product-download_monitorDownload Monitor
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-31215
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.31% / 53.90%
||
7 Day CHG~0.00%
Published-20 Dec, 2023 | 18:59
Updated-20 Nov, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Dropshipping & Affiliation with Amazon Plugin <= 2.1.2 is vulnerable to Arbitrary File Upload

Unrestricted Upload of File with Dangerous Type vulnerability in AmaderCode Lab Dropshipping & Affiliation with Amazon.This issue affects Dropshipping & Affiliation with Amazon: from n/a through 2.1.2.

Action-Not Available
Vendor-amadercodeAmaderCode Lab
Product-dropshipping_\&_affiliation_with_amazonDropshipping & Affiliation with Amazon
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-52429
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-32.80% / 96.73%
||
7 Day CHG~0.00%
Published-18 Nov, 2024 | 14:19
Updated-20 Nov, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Quick Setup plugin <= 2.0 - Arbitrary Plugin and Theme Installation to Remote Code Execution vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0.

Action-Not Available
Vendor-antonhoelstadAnton Hoelstadanton_hoelstad
Product-wp_quick_setupWP Quick Setupwp_quick_setup
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-51548
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-8.7||HIGH
EPSS-0.17% / 38.59%
||
7 Day CHG+0.02%
Published-05 Dec, 2024 | 12:52
Updated-05 Dec, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dangerous File Upload

Dangerous File Upload vulnerabilities allow upload of malicious scripts.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Action-Not Available
Vendor-ABB
Product-MATRIX SeriesNEXUS SeriesASPECT-Enterpriseaspect_enterprisenexus_seriesmatrix_series
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-50427
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-47.25% / 97.60%
||
7 Day CHG+1.20%
Published-29 Oct, 2024 | 08:31
Updated-29 Oct, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Devsoft Baltic OÜ SurveyJS: Drag & Drop WordPress Form Builder.This issue affects SurveyJS: Drag & Drop WordPress Form Builder: from n/a through 1.9.136.

Action-Not Available
Vendor-Devsoft Baltic OÜdevsoft_baltic
Product-SurveyJS: Drag & Drop WordPress Form Buildersurveyjs
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-61.29% / 98.25%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:38
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Portfolleo plugin <= 1.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in James Eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server.This issue affects Portfolleo: from n/a through 1.2.

Action-Not Available
Vendor-James Eggersjames_egger
Product-Portfolleoportfolleo
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49658
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.48%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:37
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woocommerce Custom Profile Picture plugin <= 1.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Ecomerciar Woocommerce Custom Profile Picture allows Upload a Web Shell to a Web Server.This issue affects Woocommerce Custom Profile Picture: from n/a through 1.0.

Action-Not Available
Vendor-Ecomerciarecomerciar
Product-Woocommerce Custom Profile Picturewoocommerce_custom_profile_picture
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49652
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.48%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:39
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 3D Work In Progress plugin <= 1.0.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ReneeCussack 3D Work In Progress allows Upload a Web Shell to a Web Server.This issue affects 3D Work In Progress: from n/a through 1.0.3.

Action-Not Available
Vendor-ReneeCussackreneecussack
Product-3D Work In Progress3d_work_in_progress
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49671
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.45% / 62.59%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 15:34
Updated-25 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Postpix plugin <= 1.1.8 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix allows Upload a Web Shell to a Web Server.This issue affects AI Image Generator for Your Content & Featured Images – AI Postpix: from n/a through 1.1.8.

Action-Not Available
Vendor-Dogu Pekgozpostpix
Product-AI Image Generator for Your Content & Featured Images – AI Postpixai_postpix
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-48035
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.48%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 13:05
Updated-16 Oct, 2024 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ACF Images Search And Insert plugin <= 1.1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Takayuki Imanishi ACF Images Search And Insert allows Upload a Web Shell to a Web Server.This issue affects ACF Images Search And Insert: from n/a through 1.1.4.

Action-Not Available
Vendor-Takayuki Imanishitakayukiimanishi
Product-ACF Images Search And Insertacf_images_search_and_insert
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-49331
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.49% / 64.48%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 08:43
Updated-24 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Property Lot Management System plugin <= 4.2.38 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server.This issue affects Property Lot Management System: from n/a through 4.2.38.

Action-Not Available
Vendor-myriadsolutionzMyriad Solutionzmyriad_solutionz
Product-property_lot_management_systemProperty Lot Management Systemproperty_lot_management_system
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-4197
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.89% / 74.49%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 04:01
Updated-21 Jan, 2025 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avaya IP Office One-X Portal File Upload Vulnerability

An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.

Action-Not Available
Vendor-Avaya LLC
Product-ip_officeIP Officeip_office
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-46479
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.59% / 68.23%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 00:00
Updated-13 Jan, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution.

Action-Not Available
Vendor-Venki
Product-Supravizio BPM
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-32514
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.48% / 64.24%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:58
Updated-09 Jun, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Poll Maker plugin <= 3.4 - Authenticated Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Poll Maker & Voting Plugin Team (InfoTheme) WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.4.

Action-Not Available
Vendor-infothemePoll Maker & Voting Plugin Team (InfoTheme)
Product-wp_poll_makerWP Poll Maker
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-8463
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.9||CRITICAL
EPSS-0.19% / 40.82%
||
7 Day CHG~0.00%
Published-05 Sep, 2024 | 12:49
Updated-12 Sep, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File upload restriction bypass vulnerability in Job Portal

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.

Action-Not Available
Vendor-PHPGurukul LLP
Product-job_portalJob Portaljob_portal
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-31280
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.9||CRITICAL
EPSS-0.44% / 62.13%
||
7 Day CHG+0.12%
Published-07 Apr, 2024 | 17:33
Updated-26 Aug, 2024 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Church Admin plugin <= 4.1.5 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.

Action-Not Available
Vendor-Andy Moyleandymoyle
Product-Church Adminchurch_admin
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found