Cyber Resilience

CVE-2024-44849

Severity: Critical | Public PoC available

Published: 09 September 2024
Modified: 01 July 2025
KEV Added: not listed
Patch:
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9207 (99.7th percentile)
Risk Priority: 75 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-44849 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in the Qualitor ITSM application (vendor Qualitor). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 0.3% of CVEs by exploit likelihood, a public proof-of-concept is referenced, and it is not currently listed in the CISA KEV catalog.

Deeper analysis

Qualitor versions up to 8.24 contain an unrestricted file upload flaw (CWE-434) in checkAcesso.php that permits remote code execution. The vulnerability carries a CVSS 3.1 base score of 9.8 and can be triggered over the network without authentication or user interaction, allowing an attacker to place and execute arbitrary code on the server.

An unauthenticated remote attacker can send a crafted HTTP request that uploads a malicious file through the affected endpoint, after which the uploaded payload can be invoked to achieve full system compromise, including execution of commands with the privileges of the web server process.
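The defensive counterpart to the flaw described above is an upload handler that never trusts the client-supplied name or type. The following is an added example written for this page, not Qualitor's code and not the patched checkAcesso.php; the allow-list, the size cap and the `uploads-` directory are constructed assumptions. It rejects server-side script extensions anywhere in the name (so `x.php.png` fails), checks that the bytes match the declared type, refuses image/script polyglots, and stores the file under a server-generated name without an execute bit.

```python
import os
import secrets
import tempfile
from dataclasses import dataclass
from typing import Optional

# Constructed allow-list for this hypothetical application:
# accepted extension -> leading bytes the content must begin with.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}

# Extensions a web server may hand to a script engine; none may appear anywhere in the name.
EXECUTABLE_EXTENSIONS = {
    "php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps",
    "cgi", "pl", "jsp", "asp", "aspx",
}

MAX_BYTES = 5 * 1024 * 1024  # assumed size cap


@dataclass
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""
    stored_path: str = ""


def validate_upload(client_filename: str, content: bytes) -> Verdict:
    """Decide whether an uploaded file may be stored; never trusts the client name or type."""
    # Strip any directory component; reject null bytes and dot-files such as .htaccess.
    name = os.path.basename(client_filename.replace("\\", "/"))
    if not name or "\x00" in name or name.startswith("."):
        return Verdict(False, "invalid filename")
    parts = name.lower().split(".")
    if len(parts) < 2:
        return Verdict(False, "missing extension")
    # Double extensions such as x.php.png are rejected: every extension is checked, not just the last.
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:]):
        return Verdict(False, "executable extension")
    ext = parts[-1]
    if ext not in ALLOWED_TYPES:
        return Verdict(False, f"extension .{ext} not allowed")
    if len(content) > MAX_BYTES:
        return Verdict(False, "file too large")
    # The declared type must match the bytes actually sent.
    if not content.startswith(ALLOWED_TYPES[ext]):
        return Verdict(False, "content does not match declared type")
    # A valid image header followed by script tags is a polyglot; refuse it.
    lowered = content.lower()
    if b"<?php" in lowered or b"<?=" in lowered or b"<script" in lowered:
        return Verdict(False, "embedded script content")
    # The stored name is server-generated, so the client chooses neither path nor name.
    return Verdict(True, "ok", stored_name=f"{secrets.token_hex(16)}.{ext}")


def store_upload(client_filename: str, content: bytes, upload_dir: Optional[str] = None) -> Verdict:
    """Validate, then write to a directory assumed to sit outside the web root."""
    verdict = validate_upload(client_filename, content)
    if not verdict.accepted:
        return verdict
    upload_dir = upload_dir or tempfile.mkdtemp(prefix="uploads-")
    path = os.path.join(upload_dir, verdict.stored_name)
    with open(path, "wb") as fh:
        fh.write(content)
    os.chmod(path, 0o640)  # readable by the application, never executable
    verdict.stored_path = path
    return verdict


# Constructed sample input for a quick self-check.
SAMPLE_PNG = ALLOWED_TYPES["png"] + b"\x00" * 32

if __name__ == "__main__":
    for fname, data in [("avatar.png", SAMPLE_PNG),
                        ("shell.php.png", SAMPLE_PNG),
                        ("photo.jpg", ALLOWED_TYPES["jpg"] + b"<?php echo 1; ?>")]:
        print(fname, "->", validate_upload(fname, data).reason)
```

The extension allow-list plus magic-byte check closes the common bypasses (renamed scripts, double extensions, spoofed Content-Type), and storing under a random name outside the document root means that even a file that slips through cannot be reached by URL and executed.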

Public references include a detailed technical write-up, a proof-of-concept repository, and Qualitor’s official security advisory that addresses CVE-2024-44849.

The CVE’s EPSS score stands at 0.9207, indicating a high likelihood of exploitation in the wild.

EU & UK References

Vulnerability details

Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.

CWE(s)

CWE-434: Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

CVE-2024-44849 enables unauthenticated arbitrary file upload in a public-facing web application (Qualitor ITSM), allowing exploitation for initial access (T1190) and the deployment and execution of web shells for RCE (T1505.003).
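The T1190 to T1505.003 chain described above leaves a recognisable trace in web-server access logs: a POST to the upload endpoint, followed shortly by a successful request for a script path the server has never served before. The following detection is an added example written for this page, not a rule shipped by Qualitor or any vendor; the combined log format, the ten-minute correlation window and the `/uploads/` location in the constructed sample lines are assumptions, while `/checkAcesso.php` is the endpoint the advisory names.

```python
import re
from datetime import datetime, timedelta

# Parser for the combined log format that Apache and nginx write by default.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

UPLOAD_ENDPOINT = "/checkAcesso.php"   # endpoint named in the advisory
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
WINDOW = timedelta(minutes=10)         # assumed correlation window


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], TS_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop the query string
        "status": int(m["status"]),
    }


def detect_webshell_drops(lines, window=WINDOW):
    """Alert when a client POSTs to the upload endpoint and then, within `window`,
    successfully requests a script path never seen earlier in this log."""
    alerts = []
    seen_paths = set()
    last_upload = {}   # ip -> time of the most recent POST to the upload endpoint
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        first_seen = rec["path"] not in seen_paths
        seen_paths.add(rec["path"])
        if rec["method"] == "POST" and rec["path"] == UPLOAD_ENDPOINT:
            last_upload[rec["ip"]] = rec["ts"]
            continue
        uploaded_at = last_upload.get(rec["ip"])
        if (first_seen and SCRIPT_EXT.search(rec["path"]) and rec["status"] < 400
                and uploaded_at is not None and rec["ts"] - uploaded_at <= window):
            alerts.append({"ip": rec["ip"], "uploaded_at": uploaded_at,
                           "path": rec["path"], "ts": rec["ts"]})
    return alerts


# Constructed sample log: the first client uploads and then hits a new .php path,
# the second client uploads and then only fetches a PDF and a known page.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Sep/2024:10:00:05 +0000] "POST /checkAcesso.php HTTP/1.1" 200 212',
    '203.0.113.7 - - [10/Sep/2024:10:00:09 +0000] "GET /uploads/a1b2c3.php HTTP/1.1" 200 64',
    '198.51.100.4 - - [10/Sep/2024:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 5123',
    '198.51.100.4 - - [10/Sep/2024:10:01:10 +0000] "POST /checkAcesso.php HTTP/1.1" 200 212',
    '198.51.100.4 - - [10/Sep/2024:10:01:20 +0000] "GET /uploads/report.pdf HTTP/1.1" 200 88000',
    '198.51.100.4 - - [10/Sep/2024:10:01:25 +0000] "GET /index.php HTTP/1.1" 200 5123',
]

if __name__ == "__main__":
    for alert in detect_webshell_drops(SAMPLE_LOG):
        print(f"{alert['ip']} uploaded at {alert['uploaded_at']:%H:%M:%S}, "
              f"then fetched new script {alert['path']} at {alert['ts']:%H:%M:%S}")
```

In production, seed `seen_paths` with the application's known routes (or a baseline from logs predating the alert window) so that a routine deployment of a new page does not fire, and pair the log rule with file-integrity monitoring on the web root, since a shell can also be reached through a path the logs never show.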

Affected Assets

Vendor: qualitor
Product: qualitor
Versions: 8.20, 8.24

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-434

Requiring identifiable owners for portable devices reduces the attack surface for unrestricted uploads of dangerous file types via anonymous media.

addresses: CWE-434

Dangerous file uploads can be detonated in the chamber to determine malice before any production write or execution occurs.

addresses: CWE-434

Prevents unrestricted writing of arbitrary or malicious firmware by keeping hardware write-protect enabled except under tightly controlled manual procedures.

addresses: CWE-434

Scans files from external sources on download/open/execute, blocking unrestricted uploads of dangerous file types.

References