Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2024-50623
PUBLISHED
- Vendor: Cleo
- Product: Harmony, VLTrader, LexiCom
- Published: Oct 27, 2024
- EPSS: —
Description
In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC decision points
- Exploitation: active
- Automatable: No
- Technical impact: total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Dec 13, 2024 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-50623.yaml | Apr 25, 2025 |
| Nessus | https://www.tenable.com/plugins/nessus/213295 | Dec 20, 2024 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2024-12-31 07:43:48 UTC · 4 stars
Cleo remote code execution vulnerability batch detection script (CVE-2024-50623)
github · Created 2024-12-23 08:52:23 UTC · 6 stars
CVE-2024-50623 POC - Cleo Unrestricted file upload and download
github · Created 2024-12-11 14:19:55 UTC · 22 stars
Cleo Unrestricted file upload and download PoC (CVE-2024-50623)
Timeline
- CVE ID Reserved
- CVE Published to Public
- Proof of Concept Exploit Available
- Exploit Used in Malware
- Added to KEVIntel
- Detected by Nessus
- Detected by Nuclei