CVE-2023-24734
📋 TL;DR
This critical vulnerability in PMB v7.4.6 allows attackers to upload malicious image files through the camera_upload.php component, leading to arbitrary code execution on the server. Any organization running the vulnerable version of PMB is affected, potentially giving attackers full control over the system.
💻 Affected Systems
- PMB (PhpMyBibli)
📦 What is this software?
Pmb by Sigb
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining root/admin privileges, data exfiltration, ransomware deployment, and persistent backdoor installation.
Likely Case
Web server compromise leading to defacement, data theft, and lateral movement within the network.
If Mitigated
Attack blocked at web application firewall level with no file upload reaching the vulnerable component.
🎯 Exploit Status
Exploitation requires no authentication and is straightforward - attackers simply need to craft a malicious image file and upload it to the vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v7.4.7 or later
Vendor Advisory: https://github.com/pmb-bib/pmb/releases
Restart Required: No
Instructions:
1. Back up your PMB installation and database.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with the patched versions.
4. Verify that the camera_upload.php component has proper file validation.
🔧 Temporary Workarounds
Disable camera_upload.php (Linux)
Temporarily disable or remove the vulnerable component:
mv /path/to/pmb/camera_upload.php /path/to/pmb/camera_upload.php.disabled
Implement WAF rules (all platforms)
Block malicious file uploads at the web application firewall.
🧯 If You Can't Patch
- Implement strict file upload validation in camera_upload.php to only accept verified image formats
- Move PMB installation behind authentication and restrict access to trusted IP addresses only
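The strict upload validation recommended above, shown as an added example rather than code from PMB itself: it assumes the camera upload should only ever receive JPEG, PNG or GIF files, and rejects path components, double extensions, extension/content mismatches and image/PHP polyglots.

```python
import os
import re

# Allowlisted extensions and the file signature (magic bytes) each must start with.
# Assumption: camera uploads are expected to be plain JPEG, PNG or GIF images only.
IMAGE_SIGNATURES = {
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
}

# Filename stem: letters, digits, underscore, dash; no dots, so no double extensions.
SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")

# Markers that indicate a polyglot file (valid image header, script body).
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")


def validate_image_upload(filename: str, data: bytes, max_bytes: int = 5 * 1024 * 1024):
    """Return (ok, reason) for an uploaded file.

    Accept only files whose name is a bare stem plus an allowlisted image
    extension and whose content carries the matching image signature.
    """
    base = os.path.basename(filename)
    if not base or base != filename:
        return False, "filename contains path components"
    stem, dot, ext = base.rpartition(".")
    if not dot or "." in stem:
        return False, "missing or double extension"
    if not SAFE_STEM.match(stem):
        return False, "unsafe characters in filename"
    ext = ext.lower()
    if ext not in IMAGE_SIGNATURES:
        return False, f"extension '{ext}' not allowed"
    if not data or len(data) > max_bytes:
        return False, "empty or oversized upload"
    if not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return False, "content does not match declared image type"
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        return False, "script markers embedded in image data"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: a minimal PNG header followed by padding.
    print(validate_image_upload("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
```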
🔍 How to Verify
Check if Vulnerable:
Check if PMB version is 7.4.6 by examining the version file or admin interface
Check Version:
grep -r 'version' /path/to/pmb/installation/ | grep 7.4.6
Verify Fix Applied:
Verify the camera_upload.php file has proper file extension and content validation checks
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to camera_upload.php
- Large number of failed upload attempts
- Uploads with non-standard image extensions
Network Indicators:
- POST requests to /camera_upload.php with executable file extensions
- Unusual outbound connections from the PMB server
SIEM Query:
source="web_server" AND uri="/camera_upload.php" AND (file_extension="php" OR file_extension="exe" OR file_extension="sh")