cnvd - cnvd-2024-14303

cnvd-2024-14303

Vulnerability from cnvd

Title: 74CMS文件上传漏洞

Description:

74CMS是一套基于PHP和MySQL的在线招聘系统。

74CMS 3.28.0版本存在文件上传漏洞，该漏洞源于文件/controller/company/Index.php的函数sendCompanyLogo的参数imgBase64对上传的文件缺少有效的验证。攻击者可利用该漏洞上传恶意文件从而远程执行任意代码。

Severity: 中

Formal description:

厂商尚未发布漏洞修复程序，请及时关注更新： https://github.com/mastodon/mastodon/commit/b31af34c9716338e4a32a62cc812d1ca59e88d15

Reference: https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3

Impacted products

Name
74CMS 74CMS 3.28.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-2561",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-2561"
    }
  },
  "description": "74CMS\u662f\u4e00\u5957\u57fa\u4e8ePHP\u548cMySQL\u7684\u5728\u7ebf\u62db\u8058\u7cfb\u7edf\u3002\n\n74CMS 3.28.0\u7248\u672c\u5b58\u5728\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6587\u4ef6/controller/company/Index.php\u7684\u51fd\u6570sendCompanyLogo\u7684\u53c2\u6570imgBase64\u5bf9\u4e0a\u4f20\u7684\u6587\u4ef6\u7f3a\u5c11\u6709\u6548\u7684\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\u4ece\u800c\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/mastodon/mastodon/commit/b31af34c9716338e4a32a62cc812d1ca59e88d15",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-14303",
  "openTime": "2024-03-21",
  "products": {
    "product": "74CMS 74CMS 3.28.0"
  },
  "referenceLink": "https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3",
  "serverity": "\u4e2d",
  "submitTime": "2024-03-19",
  "title": "74CMS\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

CVE-2024-2561 (GCVE-0-2024-2561)

Vulnerability from cvelistv5

Published

2024-03-17 11:00

Modified

2024-08-08 20:40

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-434 - Unrestricted Upload

Summary

A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.

References

▼	URL	Tags
	https://vuldb.com/?id.257060	vdb-entry, technical-description
	https://vuldb.com/?ctiid.257060	signature, permissions-required
	https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a	exploit

Impacted products

	Vendor	Product	Version
	n/a	74CMS	Version: 3.28.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:18:48.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-257060 | 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.257060"
          },
          {
            "name": "VDB-257060 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.257060"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:74cms:74cms:3.28.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "74cms",
            "vendor": "74cms",
            "versions": [
              {
                "status": "affected",
                "version": "3.28.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2561",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T20:37:47.399582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T20:40:02.811Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Company Logo Handler"
          ],
          "product": "74CMS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "3.28.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Southseast (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in 74CMS 3.28.0 entdeckt. Davon betroffen ist die Funktion sendCompanyLogo der Datei /controller/company/Index.php#sendCompanyLogo der Komponente Company Logo Handler. Dank Manipulation des Arguments imgBase64 mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434 Unrestricted Upload",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-17T11:00:07.747Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-257060 | 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.257060"
        },
        {
          "name": "VDB-257060 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.257060"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-16T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-03-16T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-03-16T08:05:10.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-2561",
    "datePublished": "2024-03-17T11:00:07.747Z",
    "dateReserved": "2024-03-16T06:59:15.278Z",
    "dateUpdated": "2024-08-08T20:40:02.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted