CVE-2024-44849

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-44849
Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAcesso.php.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://blog.extencil.me/information-security/cves/cve-2024-44849 Exploit Third Party Advisory
https://github.com/extencil/CVE-2024-44849?tab=readme-ov-file Third Party Advisory
https://www.qualitor.com.br/official-security-advisory-cve-2024-44849 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qualitor:qualitor:8.20:*:*:*:*:*:*:*
cpe:2.3:a:qualitor:qualitor:8.24:*:*:*:*:*:*:*
History

01 Jul 2025, 20:37

Type Values Removed Values Added
References () https://blog.extencil.me/information-security/cves/cve-2024-44849 - () https://blog.extencil.me/information-security/cves/cve-2024-44849 - Exploit, Third Party Advisory
References () https://github.com/extencil/CVE-2024-44849?tab=readme-ov-file - () https://github.com/extencil/CVE-2024-44849?tab=readme-ov-file - Third Party Advisory
References () https://www.qualitor.com.br/official-security-advisory-cve-2024-44849 - () https://www.qualitor.com.br/official-security-advisory-cve-2024-44849 - Vendor Advisory
CPE cpe:2.3:a:qualitor:qualitor:8.20:*:*:*:*:*:*:*
cpe:2.3:a:qualitor:qualitor:8.24:*:*:*:*:*:*:*
First Time Qualitor
Qualitor qualitor

12 Jun 2025, 17:15

Type Values Removed Values Added
References
  • () https://www.qualitor.com.br/official-security-advisory-cve-2024-44849 -
Summary
  • (es) Qualitor hasta 8.24 es vulnerable a la ejecución remota de código (RCE) a través de la carga de archivos arbitrarios en checkAcesso.php.

09 Sep 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8
CWE CWE-434

09 Sep 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-09 18:15

Updated : 2025-07-01 20:37

NVD link : CVE-2024-44849

Mitre link : CVE-2024-44849

CVE.ORG link : CVE-2024-44849

JSON object : View

Products Affected

qualitor

  • qualitor
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type