Login Sign Up

CVE-2024-0648

7.3 HIGH
Remote Code Execution

📋 TL;DR

This critical vulnerability in Yunyou CMS allows remote attackers to upload arbitrary files without restrictions by manipulating the templateFile parameter in Common.php. This affects all Yunyou CMS installations up to version 2.2.6, potentially enabling complete system compromise.

💻 Affected Systems

Products:
  • Yunyou CMS
Versions: Up to and including 2.2.6
Operating Systems: All platforms running Yunyou CMS
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using vulnerable versions are affected regardless of configuration.

📦 What is this software?

Yunyou Cms by Yunyou Cms Project

View all CVEs affecting Yunyou Cms →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system takeover, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Webshell upload enabling unauthorized access, data manipulation, and lateral movement within the network.

🟢

If Mitigated

File upload attempts blocked at WAF or detected by file integrity monitoring.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing systems primary targets.
🏢 Internal Only: MEDIUM - Internal systems still vulnerable but require network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available in disclosed references, making exploitation straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found in provided references

Restart Required: No

Instructions:

No official patch available. Consider upgrading to latest version if available or implementing workarounds.

🔧 Temporary Workarounds

File Upload Restriction

all

Implement strict file upload validation in Common.php to restrict allowed file types and extensions.

Modify /app/index/controller/Common.php to validate templateFile parameter against whitelist

WAF Rule Implementation

all

Deploy web application firewall rules to block requests containing suspicious file upload patterns.

Add WAF rule: Block requests to Common.php with templateFile parameter containing executable extensions

🧯 If You Can't Patch

  • Isolate affected systems from internet access
  • Implement strict network segmentation and monitor for suspicious file upload activity

🔍 How to Verify

Check if Vulnerable:

Check Yunyou CMS version in admin panel or configuration files. If version ≤ 2.2.6, system is vulnerable.

Check Version:

Check /config/version.php or admin dashboard for version information

Verify Fix Applied:

Test file upload functionality with malicious payloads to confirm restrictions are working.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to Common.php
  • Requests with templateFile parameter containing executable extensions
  • Multiple failed upload attempts

Network Indicators:

  • HTTP POST requests to /app/index/controller/Common.php with file upload patterns
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" AND uri="/app/index/controller/Common.php" AND (method="POST" OR params CONTAINS "templateFile")

📊 Metadata

CVE ID: CVE-2024-0648
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-434
Published: January 17, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-0648, you might also want to check these:

CVE-2024-52490 10.0

This vulnerability allows attackers to upload arbitrary files, including web shells, to Pathomation ...

Same vulnerability type (CWE-434)
CVE-2024-43160 10.0

CVE-2024-43160 is an unauthenticated arbitrary file upload vulnerability in the BerqWP WordPress plu...

Same vulnerability type (CWE-434)
CVE-2024-8940 10.0

CVE-2024-8940 is a critical unrestricted file upload vulnerability in Scriptcase version 9.4.019 tha...

Same vulnerability type (CWE-434)