CVE-2024-49380

7.5 HIGH

📋 TL;DR

Plenti static site generator versions before 0.7.2 contain an arbitrary file write in the /postLocal endpoint exposed by the built-in web server (the `plenti serve` process). An attacker who can reach that endpoint can write files of their choosing onto the host, which can lead to remote code execution. Anyone serving a Plenti site with the built-in server on a vulnerable version is affected.

💻 Affected Systems

Products:
  • Plenti static site generator
Versions: All versions prior to 0.7.2
Operating Systems: All platforms running Plenti
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present when using the built-in web server to serve Plenti websites.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Arbitrary file write allowing attackers to drop malicious scripts or overwrite critical files on the host running the serve process.

🟢 If Mitigated

Limited impact if the serve process runs as an unprivileged user with a tightly scoped writable directory and network access to its port is restricted to trusted hosts.

🌐 Internet-Facing: HIGH - The vulnerability is exposed when serving websites, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but have reduced attack surface compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in a web endpoint and requires no authentication, making exploitation straightforward for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.7.2

Vendor Advisory: https://github.com/plentico/plenti/releases/tag/v0.7.2

Restart Required: Yes

Instructions:

1. Stop the Plenti web server.
2. Update Plenti to version 0.7.2 or later using your package manager or by downloading the release from GitHub.
3. Restart the web server.

🔧 Temporary Workarounds

Disable built-in web server

Platforms: all

Use an external web server (nginx, Apache) to serve Plenti-generated static files instead of using Plenti's built-in server.

1. Stop the Plenti serve process.
2. Configure the external web server to serve the static site files.
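An nginx server block that implements this workaround, added here as an example (not configuration shipped by Plenti). It assumes the site was generated with `plenti build` and that the generated output directory was copied to /var/www/site/public; the hostname is a placeholder. Because nginx serves files straight from disk and proxies nothing to the serve process, /postLocal is simply not reachable; the explicit 404 location is a guard against a later proxy rule accidentally re-exposing it.

```nginx
# Serve the static output of `plenti build` directly.
# Assumption: build output was copied to /var/www/site/public.
server {
    listen 80;
    server_name example.com;        # placeholder hostname

    root /var/www/site/public;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    # Guard: never forward the editor endpoint, even if an upstream
    # proxy_pass to the serve process is added to this vhost later.
    location = /postLocal {
        return 404;
    }
}
```

Reload with `nginx -t && nginx -s reload`, then confirm that a request for /postLocal returns 404 from nginx rather than reaching any Plenti process.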

Network isolation

Platforms: all

Restrict network access to the Plenti web server using firewall rules.

1. Configure the firewall to allow only trusted IPs to reach the Plenti server port.

🧯 If You Can't Patch

  • Isolate the Plenti server in a restricted network segment with no internet access
  • Implement strict file system permissions and monitor for unauthorized file writes

🔍 How to Verify

Check if Vulnerable:

You are exposed if the installed Plenti version is below 0.7.2 and the built-in web server (the serve process) is running; the endpoint is only served by that process.

Check Version:

plenti --version
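A small Python check that turns the version test above into something you can run across a fleet, added as an example (not tooling from the Plenti project). It assumes only that the output of `plenti --version` contains a dotted x.y.z number somewhere; the exact wording is not relied on. The listening-port probe assumes the serve process is on localhost port 3000, which is an assumption, so pass the real port if yours differs.

```python
"""Check whether an installed Plenti is in the affected range (< 0.7.2)
and whether its built-in server appears to be listening."""
import re
import socket
import subprocess

FIXED = (0, 7, 2)                       # first fixed release per the advisory
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple:
    """Pull the first x.y.z tuple out of version output such as
    'plenti version v0.7.1'. Only the presence of a dotted number is assumed."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no semantic version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_vulnerable(version_output: str) -> bool:
    """True when the reported version predates the fix."""
    return parse_version(version_output) < FIXED


def serve_process_listening(host: str = "127.0.0.1", port: int = 3000) -> bool:
    """TCP connect probe; port 3000 is an assumed default, not verified here."""
    try:
        with socket.create_connection((host, port), timeout=1):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    out = subprocess.run(["plenti", "--version"], capture_output=True, text=True).stdout
    vuln = is_vulnerable(out)
    print(f"version output: {out.strip()!r}")
    print("vulnerable version" if vuln else "fixed version")
    if vuln and serve_process_listening():
        print("built-in server is listening: /postLocal is exposed")
```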

Verify Fix Applied:

Confirm Plenti version is 0.7.2 or higher and test that the /postLocal endpoint no longer accepts arbitrary file writes.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /postLocal endpoint
  • Unexpected file creation in Plenti directories

Network Indicators:

  • POST requests to /postLocal with suspicious file paths in payload

SIEM Query:

source="plenti.log" AND (uri_path="/postLocal" OR message="file write")
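The same logic as the query above, run over log lines so it can be tested before it goes into a SIEM. This is an added example, not code from Plenti. It assumes requests reach the serve process through a reverse proxy that writes combined-format access logs (Plenti's own console output is not parsed); the sample lines are constructed, and the `target=` query parameter in one of them is invented for illustration, since the real request format is not documented on this page. Request bodies are not in access logs, so the check keys on method, source address and traversal markers in the URI rather than on the payload.

```python
"""Flag suspicious requests to Plenti's /postLocal endpoint in
combined-format access logs (reverse proxy in front of `plenti serve`)."""
import re
from urllib.parse import unquote

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: only the local editor should ever call /postLocal.
TRUSTED_IPS = {"127.0.0.1", "::1"}

# Constructed sample lines; the traversal string is illustrative only.
SAMPLE_LOG = [
    '127.0.0.1 - - [10/Oct/2024:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '127.0.0.1 - - [10/Oct/2024:12:00:05 +0000] "POST /postLocal HTTP/1.1" 200 17',
    '203.0.113.7 - - [10/Oct/2024:12:01:09 +0000] "POST /postLocal HTTP/1.1" 200 17',
    '203.0.113.7 - - [10/Oct/2024:12:01:10 +0000] "GET /postLocal?x=1 HTTP/1.1" 405 0',
    '127.0.0.1 - - [10/Oct/2024:12:02:00 +0000] "POST /postLocal?target=..%2F..%2Fetc%2Fcron.d HTTP/1.1" 200 17',
]


def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(rec: dict):
    """Return a reason string when the record is suspicious, else None."""
    uri = unquote(rec["uri"])            # decode %2F etc. before inspecting
    path = uri.split("?", 1)[0]
    if path.rstrip("/") != "/postLocal":
        return None                      # only the editor endpoint is of interest
    if rec["method"] != "POST":
        return "non-POST to /postLocal"
    if rec["ip"] not in TRUSTED_IPS:
        return "POST /postLocal from untrusted address"
    if "../" in uri or "..\\" in uri:
        return "path traversal marker in request"
    return None


def scan(lines):
    """Yield (ip, uri, reason) for every suspicious line."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reason = classify(rec)
        if reason:
            hits.append((rec["ip"], rec["uri"], reason))
    return hits


if __name__ == "__main__":
    for ip, uri, reason in scan(SAMPLE_LOG):
        print(f"{ip:15} {reason}: {uri}")
```

Pair this with a file-integrity watch on the site directory; a legitimate editor save and a malicious write look identical in the access log, so the source address and a new file appearing outside the content tree are the discriminating signals.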
