CVE-2024-51743: MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitr
Summary
MarkUs (a web application for student assignment submission and grading) has a vulnerability in versions before 2.4.8 that allows authenticated instructors to write files anywhere on the web server, potentially leading to remote code execution (the ability to run commands on a system from a distance). This happens because the file upload methods don't properly restrict where files can be saved.
Solution / Mitigation
Upgrade to MarkUs v2.4.8 or later. The source states: 'MarkUs v2.4.8 has addressed this issue' and notes that 'no known workarounds are available at the application level aside from upgrading.'
Vulnerability Details
8.8(high)
EPSS: 2.0%
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-51743
First tracked: February 15, 2026 at 08:37 PM
Classified by LLM (prompt v3) · confidence: 72%