CVE-2024-1036

7.3 HIGH

📋 TL;DR

This vulnerability allows remote attackers to upload arbitrary files to openBI systems due to insufficient validation in the Icon Handler component. Attackers can exploit this to upload malicious files like webshells, potentially leading to complete system compromise. All openBI installations up to version 1.0.8 are affected.

💻 Affected Systems

Products:
  • openBI
Versions: up to 1.0.8
Operating Systems: Any OS running openBI
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations with the Icon Handler component enabled are vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system takeover, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Webshell deployment allowing persistent access, file manipulation, and potential privilege escalation.

🟢

If Mitigated

File upload attempts blocked or logged with no successful exploitation.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances extremely exposed.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit it, but exploitation requires network access to the instance.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available, making this easily weaponizable by attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Upgrade to a version later than 1.0.8 once one is released, or apply the workarounds below.

🔧 Temporary Workarounds

Disable Icon Upload Functionality (all platforms)

Remove or disable the uploadIcon function in Screen.php to prevent file uploads.

# Comment out or remove the uploadIcon function in /application/index/controller/Screen.php

Implement File Upload Restrictions (all platforms)

Add strict file type validation and size limits to the upload handler.

# Add validation for allowed file extensions (e.g., only .png, .jpg, .ico)
# Implement file size limits and MIME type checking
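A hardened icon upload check of the kind described above, written here as an added example (not openBI's own code). The function name validateIconUpload, the $storageDir parameter and the 256 KiB default cap are assumptions; the function takes one entry of $_FILES. It enforces the .png/.jpg/.ico allowlist, a size cap, server-side MIME and image-header checks, and stores the file under a random name so the client-supplied filename never reaches disk:

```php
<?php
// Added example, not openBI's code. $storageDir is assumed to be a directory
// outside the web root (or one where script execution is disabled).
function validateIconUpload(array $file, string $storageDir, int $maxBytes = 256 * 1024): string
{
    // Only accept files that PHP itself received through an HTTP upload.
    if (!isset($file['tmp_name'], $file['name'], $file['error'], $file['size'])
        || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('no valid upload');
    }
    // Size limit: icons are small, anything larger is rejected outright.
    if ($file['size'] <= 0 || $file['size'] > $maxBytes) {
        throw new RuntimeException('file too large');
    }
    // Extension allowlist on the client name (defence in depth only; the
    // stored extension is derived from the detected content type below).
    $clientExt = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($clientExt, ['png', 'jpg', 'jpeg', 'ico'], true)) {
        throw new RuntimeException('extension not allowed');
    }
    // MIME type detected from file content, never from the client's Content-Type.
    $allowed = [
        'image/png'                => 'png',
        'image/jpeg'               => 'jpg',
        'image/x-icon'             => 'ico',
        'image/vnd.microsoft.icon' => 'ico',
    ];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('content type not allowed');
    }
    // The file must parse as an image; this rejects script source with a renamed extension.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an image');
    }
    // Random name plus an extension chosen from the detected type, so a
    // client-controlled name (icon.php, icon.php.png, ../x) never touches disk.
    $dest = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);
    return $dest;
}
```

These checks do not catch a valid image with script appended to it, so the storage directory must be outside the web root or configured so nothing in it is executed, with the file served back by an application handler rather than directly.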

🧯 If You Can't Patch

  • Implement WAF rules to block suspicious file upload patterns
  • Restrict network access to openBI instances using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check the openBI version. If the version is <= 1.0.8 and the Icon Handler is enabled, the system is vulnerable.

Check Version:

# Check openBI version in configuration files or admin panel

Verify Fix Applied:

Test the icon upload functionality with a non-image test file in a controlled environment. A successful upload indicates the system is still vulnerable.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /application/index/controller/Screen.php
  • Uploads of non-image files to icon handler
  • Multiple failed upload attempts

Network Indicators:

  • POST requests to uploadIcon endpoint with suspicious file types
  • Unusual outbound connections after file uploads

SIEM Query:

source="openbi.log" AND (uri="/application/index/controller/Screen.php" OR method="POST") AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp")
