CVE-2024-42640
published 2024-10-11CVE-2024-42640: angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an…
PriorityP190critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
43.68%
98.6th percentile
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on HTTP GET requests to demo/uploads/ paths under angular-base64-upload directories, which indicate execution of a previously uploaded payload ↗
- →Monitor for outbound HTTP GET requests to raw.githubusercontent.com fetching php-reverse-shell during exploitation, indicating the attacker is staging a reverse shell payload ↗
- →Flag HTTP responses from demo/uploads/ containing PHP execution output (e.g. cmd parameter responses), indicating successful webshell execution via ?cmd= query string ↗
- →Nuclei template matcher: flag responses where body contains 'uploads/<filename>.php' with HTTP 200 from the server.php endpoint, confirming successful file upload ↗
- ·The vulnerability only exists in the demo/ directory which should never be deployed to production; exploitation requires the demo files (server.php, uploads/) to be publicly accessible on the server ↗
- ·The exploit targets both bower_components and node_modules installation paths; detection rules must cover both directory prefixes to avoid blind spots ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
angular-base64-upload vulnerable to unauthenticated remote code execution
ghsa·2024-10-11
CVE-2024-42640 [CRITICAL] CWE-434 angular-base64-upload vulnerable to unauthenticated remote code execution
angular-base64-upload vulnerable to unauthenticated remote code execution
angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the `angular-base64-upload/demo/server.php` endpoint. Exploitation of this vulnerability involves uploading arbitrary file content to the server, which can subsequently accessed through the `angular-base64-upload/demo/uploads` endpoint. This leads to the execution of previously uploaded content which enables the attacker to achieve code execution on the server.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
OSV
angular-base64-upload vulnerable to unauthenticated remote code execution
osv·2024-10-11
CVE-2024-42640 [CRITICAL] angular-base64-upload vulnerable to unauthenticated remote code execution
angular-base64-upload vulnerable to unauthenticated remote code execution
angular-base64-upload versions prior to v0.1.21 are vulnerable to unauthenticated remote code execution via the `angular-base64-upload/demo/server.php` endpoint. Exploitation of this vulnerability involves uploading arbitrary file content to the server, which can subsequently accessed through the `angular-base64-upload/demo/uploads` endpoint. This leads to the execution of previously uploaded content which enables the attacker to achieve code execution on the server.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
VulnCheck
Angular-base64-upload demo/server.php Vulnerability
vulncheck·2024·CVSS 9.8
CVE-2024-42640 [CRITICAL] Angular-base64-upload demo/server.php Vulnerability
Angular-base64-upload demo/server.php Vulnerability
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected: Adones Pitogo angular-base64-upload
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://api.vulncheck.com/v3/inde
No detection rules found.
Exploit-DB
Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
exploitdb·2025-04-17·CVSS 9.8
CVE-2024-42640 [CRITICAL] Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
---
# Exploit Title: Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)
# Date: 10 October 2024
# Discovered by : Ravindu Wickramasinghe | rvz (@rvizx9)
# Exploit Author: Ravindu Wickramasinghe | rvz (@rvizx9)
# Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload
# Software Link: https://github.com/adonespitogo/angular-base64-upload
# Version: prior to v0.1.21
# Tested on: Arch Linux
# CVE : CVE-2024-42640
# Severity: Critical - 10.0 (CVSS 4.0)
# Github Link : https://github.com/rvizx/CVE-2024-42640
# Blog Post : https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html
import re
import subprocess
import requests
import sys
import os
imp
Exploit-DB
Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
exploitdb·2025-04-04·CVSS 9.8
CVE-2024-42640 [CRITICAL] Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
---
# Exploit Title: Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)
# Date: 10 October 2024
# Discovered by : Ravindu Wickramasinghe | rvz (@rvizx9)
# Exploit Author: Ravindu Wickramasinghe | rvz (@rvizx9)
# Vendor Homepage: https://www.npmjs.com/package/angular-base64-upload
# Software Link: https://github.com/adonespitogo/angular-base64-upload
# Version: prior to v0.1.21
# Tested on: Arch Linux
# CVE : CVE-2024-42640
# Severity: Critical - 10.0 (CVSS 4.0)
# Github Link : https://github.com/rvizx/CVE-2024-42640
# Blog Post : https://www.zyenra.com/blog/unauthenticated-rce-in-angular-base64-upload.html
# DISCLAIMER:
# This proof-of-concept (POC) exploit is provided strictly for educational and resear
Nuclei
Angular-Base64-Upload - Remote Code Execution
nuclei·CVSS 9.8
CVE-2024-42640 [CRITICAL] Angular-Base64-Upload - Remote Code Execution
Angular-Base64-Upload - Remote Code Execution
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this vulnerability allows an attacker to upload arbitrary content to the server, which can subsequently be accessed through demo/uploads. This leads to the execution of previously uploaded content and enables the attacker to achieve code execution on the server. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Template:
id: CVE-2024-42640
info:
name: Angular-Base64-Upload - Remote Code Execution
author: s4e-io
severity: critical
description: |
angular-base64-upload prior to v0.1.21 is vulnerable to unauthenticated remote code execution via demo/server.php. Exploiting this
No writeups or analysis indexed.
2024-10-11
Published
Exploited in the wild