CVE-2024-0352

7.3 HIGH

📋 TL;DR

This critical vulnerability in Likeshop allows attackers to upload arbitrary files without restrictions via the FileServer::userFormImage function. Remote attackers can exploit this to upload malicious files like web shells, potentially gaining control of affected systems. All Likeshop installations up to version 2.5.7.20210311 are vulnerable.

💻 Affected Systems

Products:
  • Likeshop
Versions: up to 2.5.7.20210311
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the HTTP POST request handler component; vulnerable in default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, data theft, and persistent backdoor installation.

🟠 Likely Case

Web shell upload leading to unauthorized access, data exfiltration, and lateral movement within the network.

🟢 If Mitigated

Limited impact with proper file upload validation and web application firewalls blocking malicious uploads.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed; manipulation of the 'file' parameter leads to unrestricted upload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available; upgrade to a version above 2.5.7.20210311 if released, or apply workarounds.

🔧 Temporary Workarounds

Implement File Upload Validation

Platform: all

Add server-side validation to restrict file uploads to allowed types and sizes.

Modify File.php to validate file extensions and MIME types before processing.
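
One way to implement the validation described above, as an added example rather than Likeshop's own code. `validateImageUpload`, `ALLOWED_IMAGES`, `MAX_UPLOAD_BYTES`, `UPLOAD_DIR` and the JSON response shape are hypothetical, and the allow-list and size limit are assumed values; it requires PHP's fileinfo extension.

```php
<?php
// Added example: hypothetical helper, not Likeshop's own code.
declare(strict_types=1);
// Assumed allow-list: extension => MIME types accepted for it.
const ALLOWED_IMAGES = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;   // assumed size limit
const UPLOAD_DIR = __DIR__ . '/uploads';    // hypothetical storage path

/** Validate one $_FILES entry; return a server-generated file name. */
function validateImageUpload(array $file): string
{
    $tmp = (string)($file['tmp_name'] ?? '');
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // The client-supplied name is used only to look up the allow-list.
    $ext = strtolower(pathinfo((string)($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGES)) {
        throw new RuntimeException('extension not allowed');
    }
    // MIME type is read from the content; $file['type'] is client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!in_array($mime, ALLOWED_IMAGES[$ext], true)) {
        throw new RuntimeException('content does not match extension');
    }
    if (@getimagesize($tmp) === false) {
        throw new RuntimeException('not a parseable image');
    }
    return bin2hex(random_bytes(16)) . '.' . $ext; // client name never reaches disk
}

// Handler sketch for the 'file' parameter named in the advisory.
try {
    $name = validateImageUpload($_FILES['file'] ?? []);
    move_uploaded_file($_FILES['file']['tmp_name'], UPLOAD_DIR . '/' . $name);
    echo json_encode(['code' => 1, 'name' => $name]);   // illustrative response
} catch (RuntimeException $e) {
    http_response_code(400);
    echo json_encode(['code' => 0, 'msg' => $e->getMessage()]);
}
```

Serving the upload directory with script execution disabled limits the impact if one of these checks is ever bypassed.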

Web Application Firewall Rule

Platform: all

Configure WAF to block malicious file upload attempts.

Add rule to block POST requests with suspicious file extensions to /server/application/api/controller/File.php.

🧯 If You Can't Patch

  • Disable the vulnerable FileServer::userFormImage function if not required.
  • Restrict network access to the Likeshop application using firewall rules.

🔍 How to Verify

Check if Vulnerable:

Check if Likeshop version is 2.5.7.20210311 or earlier; test by attempting to upload a file with a disallowed extension via the affected endpoint.

Check Version:

Check Likeshop configuration files or admin panel for version information.

Verify Fix Applied:

Verify that file upload validation is enforced and malicious uploads are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /server/application/api/controller/File.php
  • POST requests with suspicious file extensions

Network Indicators:

  • HTTP POST requests to the vulnerable endpoint with unexpected file types

SIEM Query:

source="web_logs" AND uri="/server/application/api/controller/File.php" AND method="POST" AND file_extension IN ("php", "jsp", "asp")
