CVE-2024-10161

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in PHPGurukul Boat Booking System 1.0 allows remote attackers to upload arbitrary files via the change-image.php component, potentially leading to remote code execution. It affects all installations of version 1.0 that have the vulnerable component accessible. Attackers can exploit this without authentication to compromise the system.

💻 Affected Systems

Products:
  • PHPGurukul Boat Booking System
Versions: 1.0
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation. Any system with the change-image.php file accessible is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and potential lateral movement within the network.

🟠 Likely Case

Webshell deployment allowing persistent access, data exfiltration, and further exploitation of the server.

🟢 If Mitigated

File upload attempts blocked or logged, preventing successful exploitation while maintaining system integrity.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and has public exploit details available.
🏢 Internal Only: MEDIUM - While still dangerous, internal-only systems have reduced attack surface compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details are available on GitHub, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Consider the following:

  1. Remove or disable the vulnerable change-image.php file.
  2. Implement input validation and file type restrictions.
  3. Consider migrating to a supported alternative system.

🔧 Temporary Workarounds

Disable vulnerable component

Platform: linux

Remove or restrict access to the change-image.php file to prevent exploitation.

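# Rename the file so the web server no longer runs it as PHP
mv /path/to/change-image.php /path/to/change-image.php.disabled
# Strip all permissions from the renamed file so its source cannot be read or served
chmod 000 /path/to/change-image.php.disabled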

Implement file upload restrictions

Platform: all

Add server-side validation to restrict file uploads to specific extensions and sizes.
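
One way to implement the validation described above, as an added example that is not code from PHPGurukul or from the original advisory. The form field name `image`, the `uploads` directory, the 2 MiB limit and the function name `store_image_upload` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;   // assumed size limit: 2 MiB
const ALLOWED_IMAGE_TYPES = [               // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name; throws RuntimeException on any rejection.
 */
function store_image_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // The type comes from the file's bytes, never from the client-supplied name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('file type not allowed');
    }
    // Random name plus allowlisted extension: the original name and extension are discarded.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Hypothetical call site; the field name "image" and the target directory are assumptions.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['image'])) {
    try {
        $stored = store_image_upload($_FILES['image'], __DIR__ . '/uploads');
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Upload rejected');
    }
}
```

Content sniffing alone does not stop a file that is both a valid image and a script, so the upload directory should also be configured so the web server never executes PHP from it.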

🧯 If You Can't Patch

  • Implement strict web application firewall (WAF) rules to block file upload attempts to change-image.php
  • Isolate the system in a segmented network zone with strict outbound traffic controls

🔍 How to Verify

Check if Vulnerable:

Check if change-image.php exists in the Boat Booking System installation directory and test if it accepts arbitrary file uploads without proper validation.

Check Version:

Check the system documentation or configuration files for version information, as there is no standard version command.

Verify Fix Applied:

Attempt to upload a malicious file to change-image.php; successful blocking indicates the fix is working.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to change-image.php
  • File upload attempts with suspicious extensions (.php, .exe, .jsp)
  • Large file uploads to the boat booking system

Network Indicators:

  • HTTP traffic to change-image.php with file upload content
  • Outbound connections from the server following file uploads

SIEM Query:

source="web_server" AND uri="*change-image.php*" AND method="POST" AND (content_type="multipart/form-data" OR user_agent="*curl*" OR user_agent="*wget*")
