CVE-2024-50620
Published: 11 February 2026
Summary
CVE-2024-50620 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in CIPPlanner CIPAce. Its CVSS base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 17.0th percentile by exploit likelihood, below the median, and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions). Note that SI-9 is withdrawn in Revision 5, its content having been incorporated into the access-control family (AC-2, AC-3, AC-5 and AC-6), so the restriction is enforced through account and access-enforcement controls rather than a standalone SI control.
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly validates file uploads in the rich text editor and document management components to reject dangerous executable types disguised as images.
- SI-9 (Information Input Restrictions): Restricts uploads to only safe file types and formats, preventing authorized users from submitting executables via the affected components.
- SI-3 (Malicious Code Protection): Scans and blocks malicious code in uploaded files, mitigating execution risk even if dangerous types bypass the initial checks.
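As an added example (not CIPPlanner's code; this page does not describe how CIPAce actually handles uploads or what stack it runs on), the following Python contrasts the weak check that makes CWE-434 possible with one that implements SI-10 and SI-9 as described above: an extension allow-list enforced against the file's magic bytes, rejection of executable or server-script extensions anywhere in the name (so double extensions fail too), and a server-assigned storage name instead of the client's. The allow-lists, the PDF entry for the document page and the function names are assumptions made for the example.

```python
import os
import secrets

# Allow-list of accepted image uploads: extension -> magic-byte prefixes the
# file content must start with. Anything not listed here is rejected.
IMAGE_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Assumed allow-list for the document-management page: still an allow-list,
# never a deny-list of "bad" types.
DOCUMENT_TYPES = {".pdf": (b"%PDF-",), **IMAGE_TYPES}

# Extensions that must not appear anywhere in the name, so "shell.aspx.png"
# and "a.png.exe" are caught as well as "shell.aspx".
DANGEROUS_EXTENSIONS = {
    ".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".sh",
    ".php", ".asp", ".aspx", ".ashx", ".asmx", ".jsp", ".cgi",
    ".js", ".html", ".htm", ".svg", ".xml",
}
# Content that is executable regardless of what the name claims.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")


def vulnerable_is_image(filename, content_type):
    """The weak check: trusts the browser-supplied Content-Type and the
    extension and never looks at the bytes. 'photo.png' sent as image/png
    with an MZ header sails through."""
    return content_type.startswith("image/") and filename.lower().endswith(
        (".png", ".jpg", ".jpeg", ".gif"))


def check_upload(filename, data, allowed=IMAGE_TYPES):
    """Hardened check. Returns (accepted, detail): detail is the reason for
    rejection, or the server-assigned storage name on success."""
    # Drop any directory component the client supplied (path traversal).
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0] or not parts[-1]:
        return False, "missing or hidden extension"
    suffixes = {"." + p for p in parts[1:]}
    if suffixes & DANGEROUS_EXTENSIONS:
        return False, "dangerous extension in name"
    ext = "." + parts[-1]
    if ext not in allowed:
        return False, "extension not on allow-list"
    # The bytes must match the type the extension claims (SI-10).
    if not data.startswith(allowed[ext]):
        return False, "content does not match declared type"
    # Belt and braces: reject executable content even if an allow-list entry
    # were ever added without a magic signature.
    if data.startswith(EXECUTABLE_MAGIC):
        return False, "executable content"
    # Never keep the client name: random server-assigned name + validated ext.
    return True, secrets.token_hex(16) + ext
```

The storage name returned by `check_upload` should be written to a directory outside the web root with execute permission removed; the validation above stops a PE disguised as an image, but the storage rules are what make an unexpected bypass non-exploitable.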
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted file upload (CWE-434) in a web application directly enables web shell deployment and remote code execution: the attacker uploads a malicious executable over the network through the public-facing application, which is exactly T1190.
NVD Description
Unrestricted Upload of File with Dangerous Type vulnerabilities exist in the rich text editor and document management components in CIPPlanner CIPAce before 9.17. An authorized user can upload executable files when inserting images in the rich text editor, and upload executable files when uploading files on the document management page. Those executables can be executed if they are not stored in a shared directory or if the storage directory has execute permissions.
Deeper analysis
CVE-2024-50620 is an Unrestricted Upload of File with Dangerous Type vulnerability (CWE-434) affecting the rich text editor and document management components in CIPPlanner CIPAce versions prior to 9.17. It allows authorized users to upload executable files disguised as images during insertion in the rich text editor or directly via the document management upload page. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation with low complexity and privileges.
An authenticated attacker with low privileges (PR:L) can exploit this over the network without user interaction by uploading malicious executables through the affected components. If the uploaded files are stored outside a shared directory or the storage directory permits execution, the executables can run, potentially leading to high confidentiality, integrity, and availability impacts such as remote code execution on the server.
Mitigation details are outlined in vendor advisories, including CIPPlanner's public notification of resolution at https://cipplanner.com/cve-2024-50620-cve-public-notification-of-resolution/. Additional information is available on the vendor's Facebook page at https://www.facebook.com/people/CIPPlanner-Corporation/100082985059905/. Security practitioners should upgrade to CIPAce 9.17 or later and review storage directory permissions.
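The NVD text makes execution conditional on where the files land and whether the storage directory is executable, and the advice above is to review those permissions. The following Python is an added example of that review, not a CIPPlanner tool: it walks an upload store, flags files with an execute bit, a server-script or executable extension, or executable magic bytes (PE, ELF, shebang), and reports a store that sits under the web root, where any uploaded script is one HTTP request away from running. The directory layout, file names and contents in `demo()` are constructed for the example.

```python
import os
import stat
import tempfile

# Names and content that should never sit in an image/document store.
SERVER_SCRIPT_EXTENSIONS = {".php", ".asp", ".aspx", ".ashx", ".jsp", ".cgi",
                            ".exe", ".dll", ".bat", ".cmd", ".ps1", ".sh"}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
POSIX = os.name == "posix"  # execute bits are only meaningful on POSIX


def under(path, root):
    """True if path is inside root after resolving symlinks."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root


def audit_upload_store(store_dir, web_root=None):
    """Walk an upload store and return {finding-kind: sorted base names}.
    Kinds: store-under-webroot, exec-bit, dangerous-extension,
    executable-content."""
    findings = {}

    def add(kind, path):
        findings.setdefault(kind, []).append(os.path.basename(path))

    # A store inside the web root makes every uploaded file URL-reachable.
    if web_root is not None and under(store_dir, web_root):
        add("store-under-webroot", store_dir)
    for dirpath, _, files in os.walk(store_dir):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # do not follow links out of the store
            if st.st_mode & EXEC_BITS:
                add("exec-bit", path)
            if os.path.splitext(name)[1].lower() in SERVER_SCRIPT_EXTENSIONS:
                add("dangerous-extension", path)
            with open(path, "rb") as fh:
                if fh.read(8).startswith(EXECUTABLE_MAGIC):
                    add("executable-content", path)
    for kind in findings:
        findings[kind].sort()
    return findings


def demo():
    """Constructed store (not real CIPAce data): one clean image and three
    planted problems, placed under a fake web root."""
    root = tempfile.mkdtemp()
    store = os.path.join(root, "wwwroot", "uploads")
    os.makedirs(store)
    samples = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # clean image
        "image.png": b"MZ\x90\x00" + b"\x00" * 60,         # PE renamed .png
        "cmd.aspx": b'<%@ Page Language="C#" %>',          # server script
        "run.sh": b"#!/bin/sh\nid\n",                       # shebang + exec bit
    }
    for name, content in samples.items():
        with open(os.path.join(store, name), "wb") as fh:
            fh.write(content)
    os.chmod(os.path.join(store, "run.sh"), 0o755)
    return audit_upload_store(store, web_root=os.path.join(root, "wwwroot"))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

A clean result is an empty dict for a store that is outside the web root; anything flagged under `executable-content` or `dangerous-extension` that predates the upgrade to 9.17 is worth treating as a possible web shell and handing to incident response rather than simply deleting.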
Details
- CWE(s)