CVE-2024-50530 is an unrestricted file upload vulnerability affecting Myriad Solutionz Stars SMTP Mailer versions up to and including 2.2.1. The flaw allows attackers to upload files of dangerous types, such as web shells, without proper validation or restrictions. This occurs because the application fails to enforce adequate checks on the file extensions or content types during the upload process. As a result, an attacker can upload a malicious script disguised as a legitimate file, which can then be executed on the web server hosting the application. This leads to remote code execution, enabling attackers to execute arbitrary commands, escalate privileges, steal sensitive data, or pivot within the network. The vulnerability does not require authentication or user interaction, making it highly exploitable remotely. Despite no known exploits in the wild at the time of publication, the vulnerability represents a critical risk due to the nature of SMTP mailer applications often being exposed to the internet and integrated into business communication workflows. The lack of a CVSS score necessitates a severity assessment based on the potential impact and exploitability, which is critical in this case.

The impact of CVE-2024-50530 is potentially devastating for organizations using Stars SMTP Mailer. Successful exploitation can lead to full remote code execution on the affected server, resulting in complete system compromise. Attackers can deploy web shells to maintain persistent access, steal or manipulate sensitive email data, disrupt mail services, or use the compromised server as a foothold for further attacks within the corporate network. This can lead to data breaches, loss of confidentiality and integrity of communications, service outages, and reputational damage. Given that SMTP mailers are often part of critical communication infrastructure, the disruption can affect business continuity and compliance with data protection regulations. The ease of exploitation without authentication increases the likelihood of attacks, especially from opportunistic threat actors scanning for vulnerable servers.

To mitigate CVE-2024-50530, organizations should immediately upgrade Stars SMTP Mailer to a version where this vulnerability is patched once available. Until a patch is released, implement strict file upload controls such as disabling file uploads if not required, or restricting uploads to safe file types using server-side validation. Employ web application firewalls (WAFs) with rules to detect and block malicious file upload attempts and web shell signatures. Monitor web server logs for unusual upload activity or execution of suspicious scripts. Isolate the SMTP mailer server within a segmented network zone with limited access to critical systems. Regularly back up data and maintain incident response plans to quickly remediate any compromise. Additionally, conduct security assessments and penetration testing focused on file upload functionalities to identify and remediate similar issues proactively.