Cyber Resilience

CVE-2024-53345

Severity: High
Published: 07 January 2025
Modified: 15 April 2026
KEV Added: not listed
Patch: none in the available sources
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0891 (92.8th percentile)
Risk Priority: 23 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-53345 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Car Rental Management System (product inferred from references). Its CVSS v3.1 base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 7.2% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

An authenticated arbitrary file upload vulnerability exists in Car Rental Management System versions 1.0 through 1.3. Tracked as CVE-2024-53345 and assigned CWE-434, the flaw permits an attacker to upload a crafted file that results in arbitrary code execution. It received a CVSS 3.1 base score of 8.8, reflecting a network attack vector, low attack complexity, low privileges required, and no user interaction.

An authenticated user can exploit the weakness to upload and execute malicious files on the affected system, gaining full control over the confidentiality, integrity, and availability of the application and the underlying host. The published EPSS score remains flat at 0.0891, with no material increase since disclosure.

Public references consist of a placeholder vendor domain and a GitHub repository containing exploit details; no official advisories or patch information are provided in the available sources.

Vulnerability details

An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.

CWE(s)

CWE-434 Unrestricted Upload of File with Dangerous Type

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Arbitrary file upload in a public-facing web application directly enables remote code execution via web shell deployment.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)
CVE-2025-32957 (shared CWE-434)

Affected Assets

Car Rental Management System (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation [prevent]: Directly requires identification, reporting, and correction of the specific flaw that enables authenticated arbitrary file uploads leading to code execution.

SI-10 Information Input Validation [prevent]: Mandates validation of information inputs, such as uploaded files, to block crafted malicious content from being accepted and executed.

SI-3 Malicious Code Protection [prevent, detect]: Deploys malicious code protection, such as scanning, to prevent or identify execution of arbitrary code from uploaded crafted files.
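As an added illustration of the SI-10 control above (example code written for this page, not code from the Car Rental Management System or any vendor), the following Python upload validator shows the checks that close the CWE-434 path the advisory describes: an extension allowlist, magic-byte verification, rejection of double extensions and path components, and storage under a random server-chosen name. The allowlist, size limit and storage directory are assumptions.

```python
import secrets
from pathlib import Path

# Allowlist of extension -> magic bytes. Constructed for this example; a real
# deployment restricts this to the types the application actually needs.
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MAX_SIZE = 2 * 1024 * 1024  # 2 MiB cap, an assumed limit for this example


def rejection_reason(filename: str, content: bytes) -> str:
    """Return "" if the upload is acceptable, otherwise the reason it was refused."""
    # Filename hygiene: a bare name, no separators, no NUL, no "shell.php.png".
    if not filename or "/" in filename or "\\" in filename or "\x00" in filename:
        return "filename must be a bare name without path separators or NUL"
    parts = filename.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return "filename must have exactly one extension"
    if len(content) > MAX_SIZE:
        return "file too large"
    ext = "." + parts[1]
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        return f"extension {ext} not allowed"
    # Content must really be the claimed type, not a script with a renamed extension.
    if not content.startswith(magic):
        return "content does not match claimed type"
    # A valid image header followed by PHP tags is still a script to an interpreter.
    if b"<?php" in content or b"<?=" in content:
        return "executable markup embedded in content"
    return ""


def store_upload(filename: str, content: bytes, storage_dir: Path) -> Path:
    """Validate, then write under a random server-chosen name.

    storage_dir is assumed to sit outside the web root and to be served only
    through a download handler, so nothing here is ever executed by the server.
    """
    reason = rejection_reason(filename, content)
    if reason:
        raise ValueError(reason)
    ext = "." + filename.lower().split(".")[1]
    dest = storage_dir / (secrets.token_hex(16) + ext)
    with open(dest, "xb") as fh:  # "x" refuses to overwrite an existing file
        fh.write(content)
    return dest
```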
