Exploit
CVE-2024-9794

Unrestricted Upload of File with Dangerous Type (CWE-434)

Published: Oct 10, 2024 / Updated: 40d ago

CVSS 5.3 / EPSS 0.05% / Medium

Summary

A critical vulnerability has been discovered in Codezips Online Shopping Portal version 1.0. The vulnerability affects the file /update-image1.php and involves the manipulation of the argument productimage1, which leads to unrestricted upload. This issue can be exploited remotely and does not require user interaction.

Impact

The impact of this vulnerability is severe. It allows for unrestricted upload of files with dangerous types, which can lead to arbitrary code execution on the server. This could result in complete compromise of the affected system, potentially allowing attackers to:

1. Execute malicious code on the server
2. Gain unauthorized access to sensitive data
3. Modify or delete critical files
4. Use the compromised server as a pivot point for further attacks on the network
5. Disrupt the availability of the online shopping portal

Given the high impact on confidentiality, integrity, and availability, this vulnerability poses a significant risk to the organization.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of exploitation at the moment.

Patch

As of the latest information provided, there is no mention of an available patch for this vulnerability in Codezips Online Shopping Portal 1.0. The security team should closely monitor for any updates or patches released by Codezips and apply them as soon as they become available.

Mitigation

While waiting for an official patch, the security team should consider the following mitigation strategies:

1. Implement strict input validation and file type checking for all file uploads in the affected /update-image1.php file.
2. Use a web application firewall (WAF) to filter and block potentially malicious file upload attempts.
3. Limit file upload permissions and execute uploaded files with minimal privileges.
4. Regularly audit and remove unnecessary or suspicious files from the server.
5. If possible, temporarily disable the file upload functionality in /update-image1.php until a proper fix is implemented.
6. Monitor system logs for any suspicious activities or unauthorized file uploads.
7. Consider isolating the affected system to minimize potential impact on other parts of the network.
8. Educate users and administrators about the risks of unrestricted file uploads and proper security practices.
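The input validation and file type checking from the first mitigation, as an added example; it is not code from Codezips or from this advisory. It assumes productimage1 arrives as a multipart file field in `$_FILES`; `store_product_image()`, `UPLOAD_DIR`, `MAX_BYTES` and `ALLOWED` are hypothetical names and values.

```php
<?php
declare(strict_types=1);

// Assumed values, not taken from the Codezips code base.
const MAX_BYTES  = 2 * 1024 * 1024;
const UPLOAD_DIR = '/srv/shop/product-images'; // hypothetical path
const ALLOWED    = [                            // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_product_image(array $file): string
{
    $tmp = $file['tmp_name'] ?? '';
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_string($tmp) || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('file size not allowed');
    }
    // Decide the type from the bytes on disk; the client-supplied name and
    // Content-Type ($file['name'], $file['type']) are attacker-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // getimagesize() must also be able to read image dimensions from the file.
    if (getimagesize($tmp) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-generated name: no client-chosen extension, no path traversal.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the web server, never executable
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['productimage1'])) {
    try {
        echo 'stored as ' . store_product_image($_FILES['productimage1']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Image rejected');
    }
}
```

Content checks can be passed by a file that is both a valid image and a script, so the server-assigned extension and a storage directory where the web server does not execute scripts carry most of the protection.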

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9794. See article

Oct 10, 2024 at 4:08 PM / CVE
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 10, 2024 at 4:09 PM
CVE Assignment

NVD published the first details for CVE-2024-9794

Oct 10, 2024 at 4:15 PM
CVSS

A CVSS base score of 6.3 has been assigned.

Oct 10, 2024 at 4:20 PM / nvd
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.4%)

Oct 11, 2024 at 10:19 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 15, 2024 at 7:15 PM / nvd
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Oct 15, 2024 at 9:10 PM

Affected Systems

Codezips/online_shopping_portal

Exploits

https://github.com/ppp-src/CVE/issues/7

Links to MITRE ATT&CK

T1574.010: Services File Permissions Weakness

Attack Patterns

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs

News

US-CERT Vulnerability Summary for the Week of October 7, 2024
CVE-2024-9794 Exploit
CVE Id : CVE-2024-9794 Published Date: 2024-10-15T19:12:00+00:00 A vulnerability, which was classified as critical, has been found in Codezips Online Shopping Portal 1.0. This issue affects some unknown processing of the file /update-image1.php. The manipulation of the argument productimage1 leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. inTheWild added a link to an exploit: https://github.com/ppp-src/CVE/issues/7
Update Sun Oct 13 14:25:38 UTC 2024
CVE Alert: CVE-2024-9794 - https://www.redpacketsecurity.com/cve_alert_cve-2024-9794/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_9794
CVE Alert: CVE-2024-9794
This issue affects some unknown processing of the file /update-image1.php. Affected Endpoints:

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
