CVE-2024-48138

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 29, 2024 / Updated: 21d ago

010
CVSS 9.8EPSS 0.04%Critical
CVE info copied to clipboard

Summary

A remote code execution (RCE) vulnerability exists in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower. This vulnerability allows attackers to execute arbitrary code by injecting a crafted payload into a template.

Impact

This vulnerability has a severe impact potential. Attackers can exploit it to execute arbitrary code on the affected system, potentially leading to complete system compromise. The attack requires no user interaction and can be initiated from the network, making it highly dangerous. The vulnerability affects the confidentiality, integrity, and availability of the system, all rated as "HIGH" impact. Given its CVSS base score of 9.8 (Critical), this vulnerability poses a significant threat to affected systems.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

As of the provided information, there is no specific mention of an available patch. However, given that the vulnerability affects PluXml v5.8.16 and lower, it's likely that upgrading to a version higher than 5.8.16 (if available) would resolve the issue. The security team should check for the latest version of PluXml and any security advisories from the vendor.

Mitigation

1. Upgrade PluXml to a version higher than 5.8.16 if available. 2. If an immediate upgrade is not possible, consider temporarily disabling or restricting access to the affected component (/PluXml/core/admin/parametres_edittpl.php) until a patch can be applied. 3. Implement strong input validation and sanitization for all user inputs, especially those that interact with templates. 4. Apply the principle of least privilege to limit the potential impact of successful exploits. 5. Monitor systems for any suspicious activities, particularly those involving template modifications or unexpected code execution. 6. Implement network segmentation to limit the reach of potential attackers if they manage to exploit this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-48138

Oct 29, 2024 at 10:15 PM
First Article

Feedly found the first article mentioning CVE-2024-48138. See article

Oct 29, 2024 at 10:21 PM / National Vulnerability Database
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.9%)

Oct 30, 2024 at 10:18 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 30, 2024 at 3:41 PM / nvd
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 30, 2024 at 3:48 PM
Static CVE Timeline Graph

Affected Systems

Pluxml/pluxml
+null more

Attack Patterns

CAPEC-242: Code Injection
+null more

News

CVE-2024-48138
Critical Severity Description A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template. Read more at https://www.tenable.com/cve/CVE-2024-48138
CVE-2024-48138 - PluXml Remote Code Execution
CVE ID : CVE-2024-48138 Published : Oct. 29, 2024, 10:15 p.m. 18 hours, 3 minutes ago Description : A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template. Severity: 9.8 CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-48138 | PluXml up to 5.8.16 Template parametres_edittpl.php injection (Issue 829)
A vulnerability has been found in PluXml up to 5.8.16 and classified as critical . Affected by this vulnerability is an unknown functionality of the file /PluXml/core/admin/parametres_edittpl.php of the component Template Handler . The manipulation leads to injection. This vulnerability is known as CVE-2024-48138 . The attack can be launched remotely. There is no exploit available.
NA - CVE-2024-48138 - A remote code execution (RCE) vulnerability in...
A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted...
cveNotify : 🚨 CVE-2024-48138A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template.🎖@cveNotify
cveNotify : 🚨 CVE-2024-48138A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template.🎖@cveNotify
See 3 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI