CVE-2024-51791

Name of the Vulnerable Software and Affected Versions Made I.T. Forms versions from n/a through 2.8.0

Description The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to remote code execution (RCE). The vulnerability can be exploited without authentication, making it a pre-authentication issue. There is evidence of a 0-click RCE exploit that combines unrestricted file upload with brute forcing.

Recommendations For Made I.T. Forms versions from n/a through 2.8.0, consider disabling the file upload feature until a patch is available to prevent the upload of malicious files. Restrict access to the web server to minimize the risk of exploitation. Avoid using the vulnerable version of Made I.T. Forms until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.