CVE-2020-24202

9.8 CRITICAL

📋 TL;DR

CVE-2020-24202 is an arbitrary file upload vulnerability in the House Rental v1.0 PHP application that allows regular users to upload malicious files, leading to remote code execution. This affects any deployment of this specific software version where file upload functionality is enabled.

💻 Affected Systems

Products:
  • Projects World House Rental
Versions: v1.0
Operating Systems: Any OS running PHP web server (Linux, Windows, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of House Rental v1.0 with the file upload component enabled. The vulnerability exists in the PHP code and is OS-agnostic.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the web server, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Webshell deployment allowing persistent access, data exfiltration, and further exploitation of the hosting environment.

🟢 If Mitigated

File uploads blocked or properly validated, limiting impact to denial of service if upload attempts are made.

🌐 Internet-Facing: HIGH - The vulnerability affects web applications directly accessible from the internet, making them prime targets for automated exploitation.
🏢 Internal Only: MEDIUM - Internal applications are still vulnerable but have reduced exposure compared to internet-facing systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Public exploit script available on GitHub. Requires regular user credentials (not admin) but no special privileges. Simple file upload bypass technique.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch exists. Consider migrating to alternative software or implementing custom security fixes.

🔧 Temporary Workarounds

Disable File Upload Functionality

all

Remove or disable the vulnerable file upload component in the application.

# Locate and comment out/remove file upload code in PHP files
# Example: Find upload handling code in PHP scripts and disable

Implement File Upload Restrictions

all

Add server-side validation to restrict file types, extensions, and content.

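# Add to PHP upload handler (this covers the extension check only; file type and content need their own checks):
$allowed_extensions = ['jpg', 'png', 'pdf'];
$file_extension = strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION));
# Strict comparison (third argument) avoids loose type matches against the allowlist
if (!in_array($file_extension, $allowed_extensions, true)) { die('Invalid file type'); }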
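
A fuller version of the restriction described above, as an added example (not House Rental's code and not part of the original advisory). It checks upload status and size, derives the type from the file content with `finfo` instead of trusting the client-supplied name, and stores the file under a server-generated name. The form field `file`, the directory `/var/www/uploads_private`, the size limit and the helper function names are assumptions.

```php
<?php
// Added example, not House Rental code. Assumed names: form field 'file',
// UPLOAD_DIR, MAX_BYTES and the helper functions below.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads_private'; // assumed; outside the web root
const MAX_BYTES  = 5 * 1024 * 1024;            // assumed size limit
// Detected MIME type => extension the server assigns (same types as above).
const ALLOWED = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'application/pdf' => 'pdf',
];

function reject(int $status, string $reason): void
{
    http_response_code($status);
    exit($reason);
}

// Returns the extension to store under, or null when the content is not on
// the allowlist or disagrees with the extension the client claimed.
function vetted_extension(string $tmpPath, string $clientName): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $expected = is_string($mime) ? (ALLOWED[$mime] ?? null) : null;
    $claimed = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return ($expected !== null && $claimed === $expected) ? $expected : null;
}

$f = $_FILES['file'] ?? null;
if (!is_array($f) || $f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
    reject(400, 'Upload failed');
}
if ($f['size'] > MAX_BYTES) {
    reject(413, 'File too large');
}
$ext = vetted_extension($f['tmp_name'], $f['name']);
if ($ext === null) {
    reject(415, 'Invalid file type');
}
// Never reuse the client's file name: generate one and append the vetted extension.
$target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($f['tmp_name'], $target)) {
    reject(500, 'Could not store file');
}
chmod($target, 0640); // readable by the application, no execute bit
echo 'Stored';
```

Keeping the storage directory outside the document root, or disabling PHP execution for it in the web server configuration, is what ensures an uploaded file is never run as PHP code even if one of the checks is bypassed.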

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block malicious file upload patterns
  • Isolate the application in a restricted network segment with no internet access

🔍 How to Verify

Check if Vulnerable:

Test if you can upload a PHP file (e.g., test.php) through the application's file upload feature as a regular user. If successful without validation, the system is vulnerable.

Check Version:

# Check application version in source code or documentation
# Look for version indicators in PHP files or project documentation

Verify Fix Applied:

Attempt to upload a PHP file after implementing fixes. The upload should be rejected or the file should not execute as PHP code.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with PHP extensions
  • Multiple failed upload attempts followed by successful PHP file upload
  • Web server logs showing execution of uploaded PHP files

Network Indicators:

  • HTTP POST requests to upload endpoints with PHP file content
  • Subsequent requests to unusual PHP file paths

SIEM Query:

source="web_server_logs" AND (uri="*upload*" OR uri="*.php") AND method="POST" AND size>1000
