CVE-2024-10420 – This critical vulnerability in SourceCodester A... (How to Fix)

Q: What is the severity of CVE-2024-10420?

CVE-2024-10420 has a CVSS score of 6.3 (MEDIUM). This critical vulnerability in SourceCodester Attendance and Payroll System 1.0 allows remote attackers to upload arbitrary files via the /marimar/guest/update.php endpoint. Attackers can exploit this to upload malicious files like webshells, potentially leading to complete system compromise. Organizations using this specific software version are affected.

📋 TL;DR

This critical vulnerability in SourceCodester Attendance and Payroll System 1.0 allows remote attackers to upload arbitrary files via the /marimar/guest/update.php endpoint. Attackers can exploit this to upload malicious files like webshells, potentially leading to complete system compromise. Organizations using this specific software version are affected.

💻 Affected Systems

Products:

SourceCodester Attendance and Payroll System

Versions: 1.0

Operating Systems: Any OS running PHP web server

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the specific file upload functionality in the guest update component. No special configuration required for exploitation.

📦 What is this software?

Attendance And Payroll System by Nurhodelta17

View all CVEs affecting Attendance And Payroll System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover via webshell upload leading to data theft, ransomware deployment, or lateral movement within the network.

🟠

Likely Case

Unauthorized file upload leading to webshell installation, allowing attackers to execute arbitrary commands and maintain persistent access.

🟢

If Mitigated

File upload attempts are blocked or logged, preventing successful exploitation while allowing detection of attack attempts.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit details are available.

🏢 Internal Only: MEDIUM - Still exploitable from internal networks, but attack surface is reduced compared to internet exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available on GitHub, making this easily weaponizable by attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.sourcecodester.com/

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates or consider alternative solutions.

🔧 Temporary Workarounds

Restrict File Upload Types

all

Implement server-side validation to only allow specific file types (e.g., .jpg, .png) and verify file signatures.

Modify upload.php to include: $allowed_types = ['image/jpeg', 'image/png'];
Add MIME type verification and file extension validation.

Disable Guest Update Functionality

all

Temporarily disable or restrict access to the vulnerable /marimar/guest/update.php endpoint.

Add .htaccess rule: Deny from all
Comment out or remove the upload functionality in update.php

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block file uploads to the vulnerable endpoint.
Isolate the system from internet access and restrict internal network access to only necessary users.

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a non-image file (e.g., .php, .txt) to /marimar/guest/update.php with image parameter. If successful, system is vulnerable.

Check Version:

Check software version in admin panel or review source code for version markers.

Verify Fix Applied:

Test file upload with same method; successful upload should be blocked with proper error messages.

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads to /marimar/guest/update.php
POST requests with file uploads containing non-image extensions
Multiple failed upload attempts

Network Indicators:

HTTP POST traffic to vulnerable endpoint with file uploads
Unusual outbound connections from web server after upload

SIEM Query:

source="web_logs" AND uri="/marimar/guest/update.php" AND method="POST" AND (file_extension="php" OR file_extension="exe" OR file_extension="sh")

📊 Metadata

CVE ID: CVE-2024-10420

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-434

Published: October 27, 2024

Last Updated: October 29, 2024

🔗 References

https://github.com/K1nako0/tmp_vuln12/blob/main/README.md Broken Link
https://vuldb.com/?ctiid.281961 Permissions Required,VDB Entry
https://vuldb.com/?id.281961 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.431949 Third Party Advisory,VDB Entry
https://www.sourcecodester.com/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10420, you might also want to check these: