cbcvebase.
CVE-2024-29272
published 2024-03-22

Priority: P2 · 58 · Medium 6.5 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploit: flagged
EPSS: 9.37% (94.8th percentile)
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.

Affected (2 ranges)

Vendor   Product   Version range    Fixed in
vvveb    vvvebjs   < 1.7.5          1.7.5
vvveb    vvvebjs   >= 0, < 1.7.5    1.7.5

Detection & IOCs (extracted from sources)

path: /save.php
path: /demo/landing/index.php
other: file=demo/landing/index.php
  • Detect unauthenticated POST requests to /save.php whose file parameter points to a .php path (e.g. file=demo/landing/index.php); this indicates an arbitrary file upload or overwrite attempt.
  • A successful exploitation response returns HTTP 200 with the string 'File saved' in the body, confirming the file was written to disk.
  • The CVE text names the sanitizeFileName parameter in save.php; in the IOCs above the target path arrives in the file parameter. Monitor POST requests to this endpoint from unauthenticated sessions with Content-Type: application/x-www-form-urlencoded.
  • The FOFA fingerprint icon_hash="524332373" can be used to identify exposed VvvebJs instances for proactive scanning.
  • Only VvvebJs versions before 1.7.5 are affected; 1.7.5 and later are patched. Scope detection rules to the vulnerable CPE range.
  • Exploitation is unauthenticated (PR:N, UI:N): no session or credentials are required, so perimeter controls that block anonymous POST requests to /save.php are an effective mitigation until the upgrade is deployed.
  • EPSS figures differ by snapshot: the source quotes 0.894 (99.5th percentile) while the header above shows 9.37% (94.8th percentile). EPSS is a predicted probability of exploitation, not confirmation of exploitation in the wild, but the percentile is high in both snapshots and an exploit is flagged above, so treat detections as high priority.
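The detection bullets above, turned into a small triage function as an added example (this is not code from the page's sources or from the VvvebJs project). It runs over constructed proxy/WAF-style records whose field names (src, method, path, content_type, body, status, response, authenticated) are an assumed log shape, matches POSTs to save.php whose file parameter resolves to a PHP-executable extension (after URL decoding and path normalization, so encoded or traversal-laden variants are not missed), and escalates to confirmed_write when the response is HTTP 200 containing 'File saved'. The html form field in the sample bodies is also an assumption.

```python
"""Triage helper for CVE-2024-29272 (VvvebJs save.php arbitrary file write).

Added example; not code from the page's sources or from the VvvebJs project.
The log records below are constructed, and their field names (src, method, path,
content_type, body, status, response, authenticated) are an assumed proxy/WAF shape.
"""
import posixpath
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_ENDPOINT = "/save.php"
# Extensions PHP-enabled servers commonly execute; a write to any of these is code execution.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7", ".phps"}
SUCCESS_MARKER = "File saved"  # response text on a successful write (from the IOC list above)


def decode_param(raw: str) -> str:
    """URL-decode twice (catches double-encoded payloads) and unify path separators."""
    return unquote(unquote(raw)).replace("\\", "/")


def normalize_target(decoded: str) -> str:
    """Collapse ../ and ./ segments so 'demo/../shell.php' and 'shell.php' compare equal."""
    return posixpath.normpath("/" + decoded).lstrip("/")


def classify_request(rec: dict) -> Optional[dict]:
    """Return a finding for a record matching the CVE-2024-29272 pattern, else None."""
    if rec.get("method", "").upper() != "POST":
        return None
    url = urlsplit(rec.get("path", ""))
    if not url.path.endswith(TARGET_ENDPOINT):
        return None
    if "application/x-www-form-urlencoded" not in rec.get("content_type", "").lower():
        return None
    # The target path may be sent in the query string or the form body; the body wins.
    params = parse_qs(url.query, keep_blank_values=True)
    params.update(parse_qs(rec.get("body", ""), keep_blank_values=True))
    raw_file = params.get("file", [""])[0]
    if not raw_file:
        return None
    decoded = decode_param(raw_file)
    target = normalize_target(decoded)
    if posixpath.splitext(target)[1].lower() not in SCRIPT_EXTENSIONS:
        return None  # e.g. a legitimate editor save of an .html or .css file
    written = rec.get("status") == 200 and SUCCESS_MARKER in rec.get("response", "")
    return {
        "src": rec.get("src"),
        "file": target,
        "traversal": ".." in decoded.split("/"),
        "authenticated": bool(rec.get("authenticated")),
        "severity": "confirmed_write" if written else "attempt",
    }


def scan(records: list) -> list:
    """Run classify_request over a log and return the findings in order."""
    return [f for f in map(classify_request, records) if f is not None]


# Constructed sample records (not real traffic); the html field is an assumed form parameter.
SAMPLE_LOG = [
    {"src": "10.0.0.5", "method": "GET", "path": "/save.php", "content_type": "",
     "body": "", "status": 405, "response": "", "authenticated": False},
    {"src": "203.0.113.7", "method": "POST", "path": "/save.php",
     "content_type": "application/x-www-form-urlencoded",
     "body": "file=demo/landing/index.php&html=%3C%3Fphp+phpinfo%28%29%3B+%3F%3E",
     "status": 200, "response": "File saved", "authenticated": False},
    {"src": "198.51.100.9", "method": "POST",
     "path": "/editor/vvvebjs/save.php?file=..%252F..%252Fuploads%252Fx.phtml",
     "content_type": "application/x-www-form-urlencoded; charset=UTF-8",
     "body": "html=%3C%3Fphp+phpinfo%28%29%3B+%3F%3E",
     "status": 403, "response": "Forbidden", "authenticated": False},
    {"src": "192.0.2.20", "method": "POST", "path": "/save.php",
     "content_type": "application/x-www-form-urlencoded",
     "body": "file=demo/landing/css/custom.css&html=body%7Bcolor%3Ared%7D",
     "status": 200, "response": "File saved", "authenticated": True},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matching on the decoded, normalized path rather than the raw parameter is what keeps the rule from being bypassed by double encoding or `../` padding; the .css save is deliberately left unflagged so the rule stays quiet under normal editor use, while the authenticated flag is recorded rather than filtered on, since an overwrite through a legitimate session is still worth a look.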