CVE-2020-24930

8.1 HIGH

📋 TL;DR

CVE-2020-24930 is an arbitrary file deletion vulnerability in Wuzhi CMS 4.0.1 backend. Attackers can delete any files on the server, potentially causing service disruption or data loss. This affects all deployments using the vulnerable version of Wuzhi CMS.

💻 Affected Systems

Products:
  • Wuzhi CMS
Versions: 4.0.1
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to the backend interface. The specific vulnerable file is mentioned as ***.php in the description (likely censored for security reasons).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through deletion of critical system files, leading to OS corruption, data destruction, and permanent service outage.

🟠 Likely Case

Deletion of web application files causing website defacement, data loss, and service disruption requiring restoration from backups.

🟢 If Mitigated

Limited impact if proper file permissions and access controls prevent deletion of critical system files, though application files remain vulnerable.

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing, and this vulnerability requires access to the backend interface which may be exposed.
🏢 Internal Only: MEDIUM - Internal attackers with access to the backend could still cause significant damage to the application.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The vulnerability is documented in public GitHub issues with technical details. Attackers need backend access credentials to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: No specific version is identified; fixes were implemented following the GitHub issue reports

Vendor Advisory: https://github.com/wuzhicms/wuzhicms/issues/191

Restart Required: No

Instructions:

1. Update to the latest version of Wuzhi CMS.
2. Review and apply any security patches mentioned in the GitHub issue.
3. Verify the vulnerable backend file has been fixed.

🔧 Temporary Workarounds

Restrict backend access (platform: all)

Limit access to the CMS backend interface to trusted IP addresses only.

# Example Apache .htaccess (Apache 2.2 / mod_access_compat syntax)
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from 10.0.0.0/8
# Apache 2.4 equivalent (mod_authz_core):
# Require ip 192.168.1.0/24 10.0.0.0/8

File permission hardening (platform: linux)

Set restrictive permissions on critical directories and files.

# Web root: owner rwx, everyone else read and traverse only
chmod 755 /var/www/html/
# PHP files: owner read/write, everyone else read-only (top-level files only as written)
chmod 644 /var/www/html/*.php
# Ownership of the web root (non-recursive as written)
chown www-data:www-data /var/www/html/

Files owned by the web-server user remain deletable by PHP code running as that user, so where the CMS does not need write access to its own code, owning those files with a separate deployment account narrows what an arbitrary-deletion bug can remove.

🧯 If You Can't Patch

  • Implement strict access controls to the backend interface using IP whitelisting
  • Monitor file deletion activities and implement file integrity monitoring
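The file integrity monitoring recommended above, as an added example that is not part of this advisory or of Wuzhi CMS: it hashes every file under a web root into a baseline, re-hashes later, and reports deleted, added and modified paths. The web-root layout and file contents in `demo()` are constructed for illustration.

```python
"""File-integrity baseline and comparison for a web root.

Added example, not part of the advisory or of Wuzhi CMS. The directory
tree built in demo() is a constructed stand-in for a real web root.
"""
import hashlib
import tempfile
from pathlib import Path


def build_baseline(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            baseline[path.relative_to(root).as_posix()] = digest
    return baseline


def compare(baseline, current):
    """Classify differences between a stored baseline and a fresh scan."""
    before, after = set(baseline), set(current)
    return {
        "deleted": sorted(before - after),
        "added": sorted(after - before),
        "modified": sorted(p for p in before & after if baseline[p] != current[p]),
    }


def demo():
    """Constructed scenario: take a baseline, then delete one file and edit another."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "admin").mkdir()
        (root / "index.php").write_text("<?php echo 'home';\n")
        (root / "admin" / "login.php").write_text("<?php // constructed sample\n")
        (root / "config.php").write_text("<?php $db = 'x';\n")
        before = build_baseline(root)

        (root / "admin" / "login.php").unlink()                 # simulate a deletion
        (root / "config.php").write_text("<?php $db = 'y';\n")  # simulate tampering
        after = build_baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

In production the baseline would be written to storage the web-server user cannot modify and the comparison run on a schedule; a non-empty `deleted` or `modified` set for application files is the alert condition.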

🔍 How to Verify

Check if Vulnerable:

Check if running Wuzhi CMS 4.0.1 and review the specific backend PHP file mentioned in vulnerability reports

Check Version:

Check CMS version in admin panel or review version files in installation directory

Verify Fix Applied:

Verify CMS version is updated beyond 4.0.1 and test if arbitrary file deletion is possible from backend

📡 Detection & Monitoring

Log Indicators:

  • Unusual file deletion events in web server logs
  • Multiple failed login attempts to backend followed by file operations
  • PHP error logs showing file manipulation attempts

Network Indicators:

  • Unusual traffic patterns to backend administration URLs
  • Requests to file manipulation endpoints with suspicious parameters

SIEM Query:

source="web_server" AND (uri="*admin*" OR uri="*backend*") AND (action="delete" OR method="POST") AND status=200

This is a generic pseudo-query: field names must be mapped to your SIEM's schema, and the `method="POST"` branch matches every successful POST to the backend (including ordinary logins), so expect noise and treat the explicit delete-action branch as the higher-confidence signal.
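The query above run offline over access-log lines, as an added example that is not part of this advisory: a parser for the Apache/nginx combined log format, a direct translation of the query, and a stricter variant that keeps only entries carrying an explicit delete action. The log lines, hostnames, paths and the `action=delete` parameter name are constructed for illustration and do not describe Wuzhi CMS's real endpoints.

```python
"""Offline check mirroring the advisory's SIEM query over web-server access logs.

Added example, not part of the advisory. All log lines below are constructed;
the URIs and the `action` parameter are placeholders, not the CMS's real routes.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Apache / nginx "combined" log format, first fields only.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample traffic (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2020:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2020:13:55:40 +0000] "POST /admin/login.php HTTP/1.1" 401 128
203.0.113.5 - - [10/Oct/2020:13:55:44 +0000] "POST /admin/login.php HTTP/1.1" 200 256
203.0.113.5 - - [10/Oct/2020:13:55:51 +0000] "GET /admin/files.php?action=delete&file=report.txt HTTP/1.1" 200 98
198.51.100.7 - - [10/Oct/2020:14:01:02 +0000] "GET /backend/dashboard.php HTTP/1.1" 200 2048
198.51.100.7 - - [10/Oct/2020:14:01:09 +0000] "POST /backend/files.php?action=delete HTTP/1.1" 200 77
"""


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    parts = urlsplit(entry["uri"])
    entry["path"] = parts.path.lower()
    entry["query"] = parse_qs(parts.query)
    return entry


def in_backend(entry):
    return "admin" in entry["path"] or "backend" in entry["path"]


def has_delete_action(entry):
    # Assumed parameter name for demonstration; adapt to the application's real routes.
    return "delete" in [v.lower() for v in entry["query"].get("action", [])]


def matches_siem_query(entry):
    """Direct translation of the advisory's pseudo-query."""
    return (in_backend(entry)
            and (has_delete_action(entry) or entry["method"] == "POST")
            and entry["status"] == 200)


def triage(log_text):
    """Split parsed lines into the broad query match and the higher-confidence delete-only subset."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    broad = [e for e in entries if matches_siem_query(e)]
    delete_only = [e for e in broad if has_delete_action(e)]
    return {"broad": broad, "delete_only": delete_only}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for label in ("broad", "delete_only"):
        print(label)
        for e in result[label]:
            print(f"  {e['ip']} {e['method']} {e['uri']} {e['status']}")
```

The successful login POST lands in the broad set but not in `delete_only`, which is the noise the query's `method="POST"` branch introduces; pairing the broad match with the file-integrity alert from the previous section gives a stronger signal than either alone.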
