CVE-2024-58279: CWE-434 Unrestricted Upload of File with Dangerous Type in apprain appRain CMF
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by uploading a crafted PHP file to the site's uploads directory.
AI Analysis
Technical Summary
CVE-2024-58279 is an authenticated remote code execution vulnerability in appRain CMF 4.0.5 caused by unrestricted upload of files with dangerous types (CWE-434). Administrative users can upload malicious PHP files through the filemanager upload endpoint, which are stored in the uploads directory and can be executed as web shells, allowing command execution on the server. The vulnerability has a CVSS 4.0 base score of 8.6, indicating high severity, with network attack vector, low attack complexity, no user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation allows an attacker with administrative privileges to execute arbitrary code on the affected server by uploading and executing malicious PHP files. This can lead to full compromise of the web server, data theft, or further lateral movement. The vulnerability does not require user interaction but does require authenticated administrative access. There are no known public exploits currently reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict administrative access to trusted users only and monitor file uploads closely. Consider implementing additional file upload restrictions or web application firewall rules to block PHP file uploads if feasible.
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-12-10T14:35:24.454Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6939e5605ab76fdc5f2656e3
Added to database: 12/10/2025, 9:25:52 PM
Last enriched: 4/7/2026, 10:53:45 PM
Last updated: 5/8/2026, 8:19:47 PM