CVE-2020-24199
📋 TL;DR
This vulnerability allows unauthenticated attackers to upload arbitrary files to the Vehicle Image Upload component in Car Rental Management System v1.0, leading to remote code execution. Any system running this specific version is affected, potentially allowing complete system compromise.
💻 Affected Systems
- Project Worlds Car Rental Management System
📦 What is this software?
Car Rental Project by Projectworlds
⚠️ Risk & Real-World Impact
Worst Case
Complete system takeover with attacker gaining full control over the web server and underlying operating system, potentially leading to data theft, ransomware deployment, or use as a foothold for lateral movement.
Likely Case
Remote code execution allowing attackers to execute arbitrary commands, install backdoors, deface websites, or steal sensitive data from the database.
If Mitigated
If proper file upload validation and web application firewalls are in place, the risk is reduced to potential denial of service or limited file system access.
🎯 Exploit Status
Multiple public exploit scripts are available that demonstrate unauthenticated RCE. The attack requires minimal technical skill to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch exists. Remove the vulnerable system from production immediately. Consider migrating to a maintained alternative.
🔧 Temporary Workarounds
Implement strict file upload validation
Add server-side validation to restrict file types, extensions, and content. Implement file type verification using MIME type checking and file signature validation.
Web Application Firewall rules
Deploy WAF rules to block file uploads with dangerous extensions and suspicious content patterns.
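The server-side validation described in the first workaround, written out as an added example in PHP (the application's language). This is not the project's own code; the form field name, the size cap and the upload directory are assumptions.

```php
<?php
// Added example (not the project's own code): strict server-side checks for
// an image upload handler. The form field name, size cap and upload directory
// are assumptions.
// Returns the stored file name on success, or null if any check fails.
function validate_image_upload(array $file, string $destDir): ?string
{
    // Reject uploads PHP itself flagged, and anything not from an HTTP upload.
    if (($file['error'] ?? -1) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    if ($file['size'] > 2 * 1024 * 1024) {          // 2 MiB cap (assumed policy)
        return null;
    }

    // 1. Extension allowlist. The client-supplied name only chooses the stored
    //    suffix; it is never trusted on its own.
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }

    // 2. Content-based MIME detection via libmagic; $file['type'] is ignored because the client controls it.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        return null;
    }

    // 3. File signature check: the leading bytes must match the declared format.
    $head = (string) file_get_contents($file['tmp_name'], false, null, 0, 8);
    $sigOk = ($mime === 'image/jpeg' && strncmp($head, "\xFF\xD8\xFF", 3) === 0)
          || ($mime === 'image/png'  && strncmp($head, "\x89PNG\r\n\x1A\n", 8) === 0);
    if (!$sigOk || @getimagesize($file['tmp_name']) === false) {  // must also decode as an image
        return null;
    }

    // 4. Store under a random, server-chosen name so the client never picks the
    //    final extension; $destDir should sit outside the web root or have
    //    script execution disabled.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        return null;
    }
    return $name;
}
// Handler usage (field name 'vehicle_image' is assumed):
// $stored = validate_image_upload($_FILES['vehicle_image'] ?? [], __DIR__ . '/../uploads');
// if ($stored === null) { http_response_code(400); exit('Invalid image upload'); }
```

Each check covers a different bypass: the allowlist stops script extensions, the MIME and signature checks stop a renamed script, and the random name plus non-executable directory limits the damage if a file still gets through.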
🧯 If You Can't Patch
- Isolate the system in a segmented network with strict inbound/outbound firewall rules
- Implement application-level authentication and authorization for all file upload functionality
🔍 How to Verify
Check if Vulnerable:
Check if the system is running Car Rental Management System v1.0 by examining the application version in the source code or admin interface. Test file upload functionality with malicious files.
Check Version:
Check the application's version.php file or admin dashboard for version information.
Verify Fix Applied:
Verify that file uploads are properly validated by attempting to upload files with dangerous extensions and checking they are rejected. Test with various file types and content.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with non-image extensions
- Multiple failed upload attempts
- Uploads of files with suspicious names or content
Network Indicators:
- HTTP POST requests to upload endpoints with unusual file types
- Traffic patterns showing file uploads followed by execution attempts
SIEM Query:
source="web_server" AND (uri="*upload*" OR uri="*vehicle*image*") AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp" OR file_extension="exe")
🔗 References
- https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp
- https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp/blob/master/CarRental-Unauth-RCE.py
- https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/