CVE-2024-58279

Source
https://cve.org/CVERecord?id=CVE-2024-58279
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58279.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-58279
Published
2025-12-10T22:16:19.543Z
Modified
2026-03-14T12:40:30.970614Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.

References

Affected packages

Git / github.com/apprain/apprain

Affected ranges

Type
GIT
Repo
https://github.com/apprain/apprain
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.5"
        }
    ]
}

Affected versions

3.*
3.0.3
3.0.3.1
4.*
4.0.2
4.0.3
4.0.5
Other
PHP-FRAMEWORK
V4.*
V4.0.1
v4.*
v4.0.4
v4.0.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-58279.json"