CVE-2024-24350

8.8 HIGH

📋 TL;DR

An authenticated file upload vulnerability in Software Publico e-Sic Livre v2.0 and earlier allows remote attackers to bypass extension filtering and upload malicious files, leading to remote code execution. This affects all deployments running vulnerable versions of this Brazilian government transparency software.

💻 Affected Systems

Products:
  • Software Publico e-Sic Livre
Versions: v2.0 and earlier
Operating Systems: Any OS running the application
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access, but default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with the attacker gaining complete control over the server, data exfiltration, lateral movement, and persistent backdoor installation.

🟠 Likely Case: Webshell upload leading to command execution, data manipulation, and potential privilege escalation on the affected system.

🟢 If Mitigated: Limited impact with proper file upload restrictions, but still potential for denial of service or limited file system access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Implement strict file upload validation (platform: all)

Add server-side validation for file extensions, MIME types, and file content scanning
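As an added example (not code from e-Sic Livre or its vendor), the allow-list validator below shows what strict server-side validation means in practice against the classes of input a deny-list style extension filter typically misses: directory components, letter case, trailing dots and spaces, NUL bytes and double extensions, followed by a magic-byte check of the content and a server-chosen storage name. The accepted types, their signatures and the size limit are assumptions for this example.

```python
import uuid
from pathlib import PurePosixPath
from typing import Optional, Tuple

# Accepted upload types mapped to the leading bytes a genuine file of that type
# carries (the allow-list and signatures are assumptions for this example).
ALLOWED_SIGNATURES = {
    "pdf": (b"%PDF-",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
}

def allowed_extension(filename: str) -> Optional[str]:
    """Return the allow-listed extension of filename, or None to reject it.

    A deny-list is what an extension-filter bypass defeats, so this does the
    opposite: anything not explicitly allowed is rejected, after undoing the
    normalisation gaps such filters usually have.
    """
    if "\x00" in filename:                      # NUL-byte truncation ("x.php\0.pdf")
        return None
    name = PurePosixPath(filename.replace("\\", "/")).name  # drop directory parts
    name = name.rstrip(". ")                    # "x.php." and "x.php " variants
    parts = name.lower().split(".")             # case-insensitive ("x.PhP")
    if len(parts) < 2 or not parts[0]:          # no extension, or a dotfile
        return None
    # Every suffix must be allow-listed, so double extensions ("x.php.pdf") fail.
    if not all(p in ALLOWED_SIGNATURES for p in parts[1:]):
        return None
    return parts[-1]

def validate_upload(filename: str, content: bytes,
                    max_bytes: int = 10 * 1024 * 1024) -> Tuple[bool, str]:
    """Validate a received upload; returns (accepted, reason_or_extension)."""
    ext = allowed_extension(filename)
    if ext is None:
        return False, "extension not allowed"
    if len(content) > max_bytes:
        return False, "file too large"
    # The client-supplied Content-Type is attacker-controlled; check the bytes.
    if not any(content.startswith(sig) for sig in ALLOWED_SIGNATURES[ext]):
        return False, "content does not match extension"
    return True, ext

def storage_name(ext: str) -> str:
    """Server-chosen on-disk name: the client's filename never reaches the filesystem."""
    return f"{uuid.uuid4().hex}.{ext}"
```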

Restrict upload directory permissions (platform: linux)

Make the upload directory read-only for the web server user (which also blocks new uploads until a fix is in place) and prevent execution of files already uploaded. The commands below cover the permissions part; stopping the web server from executing files in that path must be done in the web server's own configuration, which depends on your stack.

# assumes the web server runs as an unprivileged user, not root
chmod 755 /path/to/upload/directory
chown root:root /path/to/upload/directory

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file uploads
  • Disable file upload functionality entirely if not required

🔍 How to Verify

Check if Vulnerable:

Check application version in admin panel or configuration files. If version is 2.0 or earlier, assume vulnerable.

Check Version:

Check config files or admin interface for version information

Verify Fix Applied:

Test file upload functionality with malicious extensions to ensure proper validation is in place.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with executable extensions
  • Multiple failed upload attempts
  • Successful uploads of unusual file types

Network Indicators:

  • POST requests to upload endpoints with suspicious file names
  • Traffic to unexpected ports from web server

SIEM Query:

source="web_logs" AND (uri_path="/upload" OR uri_path="/file/upload") AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp")
