CVE-2024-53303: A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated...

Description

A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated attackers to execute arbitrary code via a crafted POST request.

Classification

CVE ID: CVE-2024-53303

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.26% (probability of being exploited)

EPSS Percentile: 48.84% (scored less or equal to compared to others)

EPSS Date: 2025-04-30 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2024-53303
https://gist.github.com/fern89/3464e8428d7675e4f0f390a6b2b2842e

Timeline

2025-04-16 18:40:22 UTC
CVE

A remote code execution (RCE) vulnerability in the upload_file function of LRQA Nettitude PoshC2 after commit 123db87 allows authenticated...