.. / CVE-2024-34982

Exploit for LyLme-Spage - Arbitary File Upload (CVE-2024-34982)

Description:

An arbitrary file upload vulnerability in the component /include/file.php of lylme_spage v1.9.5 allows attackers to execute arbitrary code via uploading a crafted file.

Nuclei Template

View the template here CVE-2024-34982.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-34982.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-34982
https://github.com/tanjiti/sec_profile
https://github.com/ATonysan/poc-exp/blob/main/60NavigationPage_CVE-2024-34982_ArbitraryFileUploads.py
https://github.com/n2ryx/CVE/blob/main/Lylme_pagev1.9.5.md