Cyber Posture

CVE-2024-57169

CriticalPublic PoC

Published: 18 March 2025

Published
18 March 2025
Modified
02 April 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0033 56.0th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57169 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Soplanning Soplanning. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Directly addresses file upload bypass by validating uploaded files to ensure they are safe and reject dangerous types that could lead to RCE.

SI-3 Malicious Code Protection good match
preventdetect

Scans and eradicates malicious code in uploaded files such as web shells, preventing exploitation for remote code execution.

SI-9 Information Input Restrictions partial match
prevent

Restricts file types and input characteristics to block unrestricted uploads of dangerous files beyond simple validation bypasses.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
attack.mitre.org →
Why these techniques?

The vulnerability is an arbitrary file upload bypass in a public-facing web app (enabling T1190) that directly allows deployment of web shells for RCE (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A file upload bypass vulnerability exists in SOPlanning 1.53.00, specifically in /process/upload.php. This vulnerability allows remote attackers to bypass upload restrictions and potentially achieve remote code execution by uploading malicious files.

Deeper analysisAI

CVE-2024-57169 is a file upload bypass vulnerability in SOPlanning version 1.53.00, specifically affecting the /process/upload.php endpoint. This flaw allows remote attackers to circumvent upload restrictions, enabling the upload of malicious files that could lead to remote code execution. The vulnerability has a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-434 (Unrestricted Upload of File with Dangerous Type).

Unauthenticated remote attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By bypassing file upload validations, attackers can upload web shells or other malicious payloads to the server, potentially achieving full remote code execution and compromising the affected SOPlanning instance.

Advisories detailing the vulnerability, including analysis of the arbitrary file upload leading to RCE, are available at https://themcsam.github.io/posts/so-planing-vulnerabilities/#arbitrary-file-upload-leading-to-rce.

Details

CWE(s)
CWE-434

Affected Products

soplanning
soplanning
1.53.00

CVEs Like This One

CVE-2020-36942Shared CWE-434
CVE-2023-53933Shared CWE-434
CVE-2025-68909Shared CWE-434
CVE-2021-47757Shared CWE-434
CVE-2025-68986Shared CWE-434
CVE-2025-56704Shared CWE-434
CVE-2025-0471Shared CWE-434
CVE-2025-7437Shared CWE-434
CVE-2026-33647Shared CWE-434
CVE-2025-54441Shared CWE-434

References