cnvd - cnvd-2024-14303

CNVD-2024-14303

Vulnerability from cnvd - Published: 2024-03-21

Title

74CMS文件上传漏洞

Description

74CMS是一套基于PHP和MySQL的在线招聘系统。 74CMS 3.28.0版本存在文件上传漏洞，该漏洞源于文件/controller/company/Index.php的函数sendCompanyLogo的参数imgBase64对上传的文件缺少有效的验证。攻击者可利用该漏洞上传恶意文件从而远程执行任意代码。

Severity

中

Formal description

厂商尚未发布漏洞修复程序，请及时关注更新： https://github.com/mastodon/mastodon/commit/b31af34c9716338e4a32a62cc812d1ca59e88d15

Reference

https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3

Impacted products

Name
74CMS 74CMS 3.28.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-2561",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-2561"
    }
  },
  "description": "74CMS\u662f\u4e00\u5957\u57fa\u4e8ePHP\u548cMySQL\u7684\u5728\u7ebf\u62db\u8058\u7cfb\u7edf\u3002\n\n74CMS 3.28.0\u7248\u672c\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6/controller/company/Index.php\u7684\u51fd\u6570sendCompanyLogo\u7684\u53c2\u6570imgBase64\u5bf9\u4e0a\u4f20\u7684\u6587\u4ef6\u7f3a\u5c11\u6709\u6548\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\u4ece\u800c\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/mastodon/mastodon/commit/b31af34c9716338e4a32a62cc812d1ca59e88d15",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-14303",
  "openTime": "2024-03-21",
  "products": {
    "product": "74CMS 74CMS 3.28.0"
  },
  "referenceLink": "https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3",
  "serverity": "\u4e2d",
  "submitTime": "2024-03-19",
  "title": "74CMS\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

CVE-2024-2561 (GCVE-0-2024-2561)

Vulnerability from cvelistv5 – Published: 2024-03-17 11:00 – Updated: 2024-08-08 20:40

Summary

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-434 - Unrestricted Upload

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.257060	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.257060	signaturepermissions-required
	https://gist.github.com/Southseast/9f5284d8ee0f6d…	exploit

Impacted products

	Vendor	Product	Version
	n/a	74CMS	Affected: 3.28.0

Credits

Southseast (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:18:48.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-257060 | 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.257060"
          },
          {
            "name": "VDB-257060 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.257060"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:74cms:74cms:3.28.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "74cms",
            "vendor": "74cms",
            "versions": [
              {
                "status": "affected",
                "version": "3.28.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2561",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T20:37:47.399582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T20:40:02.811Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Company Logo Handler"
          ],
          "product": "74CMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "3.28.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Southseast (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in 74CMS 3.28.0 entdeckt. Davon betroffen ist die Funktion sendCompanyLogo der Datei /controller/company/Index.php#sendCompanyLogo der Komponente Company Logo Handler. Dank Manipulation des Arguments imgBase64 mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-17T11:00:07.747Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-257060 | 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.257060"
        },
        {
          "name": "VDB-257060 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.257060"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-16T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-03-16T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-03-16T08:05:10.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-2561",
    "datePublished": "2024-03-17T11:00:07.747Z",
    "dateReserved": "2024-03-16T06:59:15.278Z",
    "dateUpdated": "2024-08-08T20:40:02.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2024-14303

CVE-2024-2561 (GCVE-0-2024-2561)

Tags

Sightings

Nomenclature