CVE-2024-8940

Unrestricted Upload of File with Dangerous Type (CWE-434)

Published: Sep 25, 2024 / Updated: 56d ago

CVSS 9.8 / EPSS 0.04% / Critical

Summary

A vulnerability has been identified in the Scriptcase application version 9.4.019. This vulnerability allows for the arbitrary upload of files via the /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ path using a POST request. The application fails to properly verify user input, potentially allowing an attacker to upload malicious files to the server.

Impact

This vulnerability has a severe impact potential. With a CVSS v3.1 base score of 9.8 (Critical), it affects all three core aspects of information security:

1. Confidentiality: High impact - An attacker could potentially access sensitive information on the server.
2. Integrity: High impact - The ability to upload arbitrary files could allow an attacker to modify or replace existing files on the server.
3. Availability: High impact - Malicious file uploads could be used to disrupt normal server operations or execute denial-of-service attacks.

The attack vector is network-based, requires no user interaction, and can be executed without any privileges, making it relatively easy for attackers to exploit. The scope is unchanged, indicating that the vulnerability affects only resources within its own security scope.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation in the wild at the moment.

Patch

As of the provided information, there is no mention of an available patch. The vulnerability is reported for Scriptcase version 9.4.019, but there's no information about fixes in newer versions. It is recommended to check with the Scriptcase vendor for any security updates or patches that may have been released since this vulnerability was reported.

Mitigation

While awaiting a patch from the vendor, consider the following mitigation strategies:

1. Implement strict file upload restrictions, including file type verification, size limits, and content validation.
2. Use a Web Application Firewall (WAF) to filter and monitor HTTP traffic to the Scriptcase application.
3. Restrict access to the vulnerable path (/scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/) if it's not essential for operations.
4. Regularly monitor and audit file uploads and server activities for any suspicious behavior.
5. If possible, consider temporarily disabling file upload functionality until a patch is available.
6. Ensure that the server running Scriptcase has up-to-date security measures and that file permissions are properly configured to minimize potential damage from uploaded files.
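Mitigation step 1 (file type verification, size limits and content validation) is the one an application owner can apply in code. The following PHP upload validator is an added example written for this page; it is not Scriptcase's code and not the jQuery-File-Upload server script that the advisory names. The size limit, the storage directory (assumed to sit outside the web root), the extension allow-list and the function names validateUpload and storeUpload are all assumptions chosen for illustration. It checks the extension against an allow-list, sniffs the actual content with finfo so that the declared type must agree with the bytes sent, refuses double extensions and embedded PHP tags, and stores the file under a server-generated name with no execute bit.

```php
<?php
// Added example (not Scriptcase's or jQuery-File-Upload's code): a hardened
// upload validator of the kind mitigation step 1 describes. The limits, paths
// and allow-list below are assumptions chosen for illustration.

declare(strict_types=1);

const UPLOAD_MAX_BYTES = 2 * 1024 * 1024;         // assumed size limit: 2 MiB
const UPLOAD_DIR       = '/var/app-data/uploads'; // assumed location OUTSIDE the web root

// Extension => MIME types (from content sniffing) accepted for that extension.
const ALLOWED_TYPES = [
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'pdf'  => ['application/pdf'],
];

/**
 * Validate one uploaded file. $clientName is the browser-supplied name (untrusted);
 * $tmpPath is where PHP stored the body (e.g. $_FILES['files']['tmp_name'][$i]).
 * Returns the accepted extension, or throws on any failure.
 */
function validateUpload(string $clientName, string $tmpPath, int $sizeBytes): string
{
    if ($sizeBytes <= 0 || $sizeBytes > UPLOAD_MAX_BYTES) {
        throw new RuntimeException('rejected: size out of bounds');
    }
    // Use only the basename; never trust path components supplied by the client.
    $base = basename($clientName);
    // Exactly one dot and a short alphanumeric extension: this also rejects
    // double extensions such as name.php.png.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})$/', $base, $m)) {
        throw new RuntimeException('rejected: file name not in the allowed form');
    }
    $ext = strtolower($m[1]);
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException("rejected: extension .$ext not allowed");
    }
    // Content sniffing: the declared extension must agree with the bytes actually sent.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !in_array($mime, ALLOWED_TYPES[$ext], true)) {
        throw new RuntimeException("rejected: content type '$mime' does not match .$ext");
    }
    // Defence in depth: refuse anything carrying a PHP open tag, whatever its sniffed type.
    $head = (string) file_get_contents($tmpPath, false, null, 0, 8192);
    if (stripos($head, '<?php') !== false || stripos($head, '<?=') !== false) {
        throw new RuntimeException('rejected: embedded PHP code');
    }
    return $ext;
}

/** Store a validated upload under a server-generated name, non-executable, outside the web root. */
function storeUpload(string $tmpPath, string $ext): string
{
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // move_uploaded_file() is the right call inside a real request handler; rename()
    // lets this example run from the CLI against an ordinary temporary file.
    $moved = is_uploaded_file($tmpPath) ? move_uploaded_file($tmpPath, $dest) : rename($tmpPath, $dest);
    if (!$moved) {
        throw new RuntimeException('store failed');
    }
    chmod($dest, 0640); // readable by the application, never executable
    return $dest;
}

// --- CLI self-check with constructed inputs (no web request involved) ---
if (PHP_SAPI === 'cli') {
    $png = tempnam(sys_get_temp_dir(), 'up');
    // Constructed sample: PNG signature plus an IHDR chunk header, enough for finfo to report image/png.
    file_put_contents($png, "\x89PNG\r\n\x1a\n" . "\x00\x00\x00\x0dIHDR" . str_repeat("\x00", 13));
    $php = tempnam(sys_get_temp_dir(), 'up');
    // Constructed sample: a PHP script that a client has renamed to look like an image.
    file_put_contents($php, "<?php echo 'x'; ?>");

    foreach ([['logo.png', $png], ['logo.png', $php], ['shell.php.png', $png]] as [$name, $path]) {
        try {
            $ext = validateUpload($name, $path, filesize($path));
            echo "$name: accepted as .$ext\n";
        } catch (RuntimeException $e) {
            echo "$name: " . $e->getMessage() . "\n";
        }
    }
    @unlink($png);
    @unlink($php);
}
```

Run from the command line, the self-check accepts the constructed PNG under its own name and rejects both the renamed PHP script (sniffed as text/x-php, not image/png) and the double-extension name. Inside a request handler, call validateUpload with the $_FILES fields and then storeUpload; because the destination directory is outside the web root and the name is random, a file that slips past validation still cannot be requested by URL or guessed by name, which is the property step 3 and step 6 of the mitigation list are aiming at.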

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

Sep 24, 2024 at 11:56 AM / CVE - First Article: Feedly found the first article mentioning CVE-2024-8940.

Sep 24, 2024 at 11:56 AM - CVSS Estimate: Feedly estimated the CVSS score as HIGH.

Sep 25, 2024 at 1:15 AM - CVE Assignment: NVD published the first details for CVE-2024-8940.

Sep 25, 2024 at 1:22 AM / nvd - CVSS: A CVSS base score of 10 has been assigned.

Sep 25, 2024 at 10:26 AM - EPSS: EPSS Score was set to 0.04% (Percentile: 9.6%).

Sep 27, 2024 at 5:36 AM - Threat Intelligence Report: CVE-2024-8940 is a critical vulnerability in Scriptcase application version 9.4.019, with a CVSS score of 9.9, that allows attackers to exploit an arbitrary file upload via a POST request, potentially leading to the upload of malicious files to the server. The provided information does not indicate whether this vulnerability is being actively exploited in the wild, nor does it mention any proof-of-concept exploits, mitigations, detections, or patches. There is also no information regarding downstream impacts on other third-party vendors or technologies.

Oct 1, 2024 at 5:25 PM / nvd - CVSS: A CVSS base score of 9.8 has been assigned.

Affected Systems

Scriptcase/scriptcase

Links to MITRE ATT&CK

T1574.010: Services File Permissions Weakness

Attack Patterns

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

References

@RISK: The Consensus Security Vulnerability Alert: Vol. 24, Num. 38 - SANS Institute
Product: Apache HugeGraph-Server CVSS Score: 0 ** KEV since 2024-09-18 ** NVD: ISC Podcast: CVE-2024-7120 - Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90 are vulnerable to critical os command injection via manipulation of the argument template in the Web Interface component's list_base_config.php file, allowing for remote attacks with publicly disclosed exploit potential (VDB-272451). Product: Ivanti Endpoint Manager Cloud Services Appliance CVSS Score: 9.1 ** KEV since 2024-09-19 ** NVD: ISC Podcast: NVD References: CVE-2024-9043 - Cellopoint's Secure Email Gateway is vulnerable to buffer overflow in authentication allowing remote attackers to crash the process and gain admin privileges.

News

Vulnerability Summary for the Week of September 23, 2024 (High Vulnerabilities)

Primary Vendor - Product | Description | Published | CVSS Score | CVE | Source Info

Dover Fueling Solutions (DFS) - ProGauge MAGLINK LX CONSOLE | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject arbitrary commands. | 2024-09-25 | 10 | CVE-2024-43693 | ics-cert@hq.dhs.gov

Dover Fueling Solutions (DFS) - ProGauge MAGLINK LX CONSOLE | A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. | 2024-09-25 | 10 | CVE-2024-45066 | ics-cert@hq.dhs.gov

webdevmattcrom - GiveWP Donation Plugin and Fundraising Platform | The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files and achieve remote code execution. This is essentially the same vulnerability as CVE-2024-5932; however, it was discovered that the presence of stripslashes_deep on user_info allows the is_serialized check to be bypassed. This issue was mostly patched in 3.16.1, but further hardening was added in 3.16.2. | 2024-09-28 | 10 | CVE-2024-8353 | security@wordfence.com

Scriptcase - Scriptcase | Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input. | 2024-09-25 | 10 | CVE-2024-8940 | cve-coordination@incibe.es

n/a - n/a | File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via the image upload feature when customizing a shop. | | | |
CVE-2024-8940 (CVSS 10): Critical Flaw in Scriptcase Low-Code Platform Leaves Developers at Risk
Urgent update required for Scriptcase due to critical vulnerabilities (CVE-2024-8940, CVE-2024-8941, CVE-2024-8942) emphasizing the importance of prioritizing security in development processes.
Developers using the popular low-code platform Scriptcase are urged to update their software immediately after discovering three critical vulnerabilities that could expose their applications to serious security risks. Scriptcase is a widely used low-code platform designed to simplify and accelerate the development of PHP web applications.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
