CVE-2020-19113
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files to the Online Book Store v1.0 web application through the admin_add.php endpoint. Successful exploitation can lead to remote code execution, potentially giving attackers full control of the affected server. Anyone running Online Book Store v1.0 with the vulnerable admin_add.php file is affected.
💻 Affected Systems
- Online Book Store
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, or use as a pivot point for attacking internal networks.
Likely Case
Webshell upload leading to persistent backdoor access, data exfiltration, and further exploitation of the server.
If Mitigated
File upload blocked or restricted to safe extensions only, preventing code execution while potentially allowing DoS via storage consumption.
🎯 Exploit Status
Exploitation requires admin access to the admin_add.php endpoint. The vulnerability is well-documented in public repositories with proof-of-concept examples.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch exists. Remove or disable the vulnerable admin_add.php file, or implement file upload validation as described in workarounds.
🔧 Temporary Workarounds
Implement File Upload Validation
Add server-side validation to restrict uploaded files to safe extensions and verify file types.
Edit admin_add.php to add:
$allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];
$file_extension = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
if (!in_array($file_extension, $allowed_extensions)) {
    die('Invalid file type');
}
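The extension allowlist above is the minimum; a more complete handler for the same upload also checks the file's real content, discards the client-supplied name and stores the result where the web server cannot execute it. The following is an added example, not the project's own code; it assumes the form field is named "file" (as in the workaround) and that UPLOAD_DIR points outside the web root.

```php
<?php
// Added example of a hardened upload handler for admin_add.php (not the project's
// code). Assumes the form field is named "file", as in the workaround above, and
// that UPLOAD_DIR is a directory the web server does not serve or execute from.
const UPLOAD_DIR = '/var/www/bookstore-uploads'; // assumption: outside web root
const MAX_BYTES  = 2 * 1024 * 1024;
// Permitted extensions, each mapped to the MIME type finfo must report for it.
const ALLOWED = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
    'pdf' => 'application/pdf',
];
function store_upload(array $f): string
{
    // Accept only a file PHP itself received via POST, with no upload error.
    if (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('No valid upload');
    }
    if ($f['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // pathinfo() returns the LAST extension, so "shell.php.jpg" is treated as
    // jpg here; the byte-level MIME check below must agree with it as well.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('Invalid file type');
    }
    // Inspect the actual bytes; never trust the client-supplied $f['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // Drop the client's filename entirely: a random name defeats path tricks
    // and stops anyone from predicting where the file landed.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644); // readable, never executable
    return $dest;
}

try {
    echo 'Stored as ' . basename(store_upload($_FILES['file'] ?? []));
} catch (RuntimeException $e) {
    http_response_code(400);
    echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
}
```

Serving stored files back through a separate read-only script (rather than a direct URL into UPLOAD_DIR) keeps the no-execution guarantee even if the directory is later exposed.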
Disable Vulnerable Endpoint
Temporarily disable or remove the admin_add.php file until proper fixes can be implemented, for example by renaming it so the endpoint can no longer be requested:
mv admin_add.php admin_add.php.disabled
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file uploads with executable extensions to the admin_add.php endpoint.
- Restrict access to the admin interface using IP whitelisting and strong authentication requirements.
🔍 How to Verify
Check if Vulnerable:
Check if admin_add.php exists in the Online Book Store installation and test if it accepts file uploads without proper validation.
Check Version:
Check the project files or documentation for version information, typically in README or configuration files.
Verify Fix Applied:
Attempt to upload a file with a PHP extension through the admin interface. If the upload is rejected with proper validation, the fix is working.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to admin_add.php endpoint
- Uploads of files with executable extensions (.php, .phtml, .phar)
- Multiple failed upload attempts followed by successful upload
Network Indicators:
- POST requests to /admin_add.php with file upload content
- Subsequent requests to uploaded files in upload directories
SIEM Query:
source="web_server_logs" AND ((uri="/admin_add.php" AND method="POST" AND size>10000) OR (uri MATCHES "*.php" AND referer CONTAINS "admin_add.php"))