CVE-2024-11145
📋 TL;DR
CVE-2024-11145 is a critical deserialization vulnerability in Valor Apps Easy Folder Listing Pro for Joomla! that allows unauthenticated remote attackers to execute arbitrary code on affected systems. This affects all Joomla! installations using vulnerable versions of the Easy Folder Listing Pro extension. Attackers can gain full control of the web application with the same privileges as the Joomla! application.
💻 Affected Systems
- Valor Apps Easy Folder Listing Pro
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise leading to data theft, ransomware deployment, lateral movement within the network, and persistent backdoor installation.
Likely Case
Webshell deployment, credential harvesting, data exfiltration, and use as an initial access point for further attacks.
If Mitigated
Limited impact due to network segmentation, web application firewalls, and minimal privileges on the Joomla! application account.
🎯 Exploit Status
Deserialization vulnerabilities are commonly exploited with publicly available tools and payloads, and because no authentication is required, exploitation is trivial.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.8 or 4.5
Vendor Advisory: https://www.valorapps.com/web-products/easy-folder-listing-pro.html
Restart Required: No
Instructions:
1. Log into the Joomla! admin panel.
2. Navigate to Extensions > Manage > Update.
3. Update Easy Folder Listing Pro to version 3.8 or 4.5.
4. Clear the Joomla! cache from System > Clear Cache.
🔧 Temporary Workarounds
Disable Extension
Temporarily disable the Easy Folder Listing Pro extension until patching is possible
Navigate to Extensions > Manage > Manage in Joomla! admin, find Easy Folder Listing Pro, and set status to Disabled
Web Application Firewall Rule
Block malicious deserialization attempts with WAF rules
Add a rule to block requests containing serialized PHP objects or specific patterns targeting the extension
🧯 If You Can't Patch
- Remove the Easy Folder Listing Pro extension completely from the Joomla! installation
- Implement network segmentation to isolate the Joomla! server and restrict outbound connections
🔍 How to Verify
Check if Vulnerable:
Check the Joomla! admin panel under Extensions > Manage > Manage for the installed Easy Folder Listing Pro version. If the version is below 3.8 (3.x line) or below 4.5 (4.x line), the system is vulnerable.
Check Version:
Check the Joomla! admin panel, or examine /administrator/manifests/files/joomla.xml, for extension version information
Verify Fix Applied:
Confirm Easy Folder Listing Pro version shows 3.8 or 4.5 in Joomla! extensions manager. Test functionality to ensure extension still works properly.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to Easy Folder Listing Pro endpoints
- PHP deserialization errors in Joomla! logs
- Unexpected file creation in Joomla! directories
Network Indicators:
- HTTP requests containing serialized PHP data (the O: object and a: array prefixes)
- Traffic to known malicious IPs from Joomla! server
SIEM Query:
source="joomla.log" AND ("deserialization" OR "unserialize" OR "Easy Folder Listing")
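The log and network indicators above can be checked offline against web server access logs. The following is an added example, not part of this advisory or the vendor's tooling: it parses combined-format access log lines, URL-decodes the request target (twice, to catch double encoding), and flags either PHP serialized-object/array prefixes or POST requests to the extension. The component name com_easyfolderlistingpro and the sample log lines are constructed assumptions; substitute the endpoints the extension actually registers on your installation.

```python
import re
from urllib.parse import unquote_plus

# Structural prefixes of PHP serialized objects (O:8:"stdClass":0:{}) and
# arrays (a:1:{...}); matching the full prefix avoids firing on a bare "O:".
PHP_SERIALIZED = re.compile(r'(?:O:\d+:"[A-Za-z0-9_\\]+"|a:\d+:\{)')

# Assumed path fragments for the extension's endpoints (hypothetical values).
EXT_PATH_HINTS = ("easyfolderlistingpro", "easy_folder_listing")

# Combined log format: ip ident user [ts] "METHOD target proto" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)


def inspect_line(line):
    """Return a finding dict for a suspicious access-log line, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    # Decode twice: double-encoded query strings are a common evasion.
    target = unquote_plus(unquote_plus(m.group("target")))
    reasons = []
    if PHP_SERIALIZED.search(target):
        reasons.append("php-serialized-payload")
    if m.group("method") == "POST" and any(h in target.lower() for h in EXT_PATH_HINTS):
        reasons.append("post-to-extension")
    if not reasons:
        return None
    return {"ip": m.group("ip"), "method": m.group("method"),
            "target": target, "reasons": reasons}


def scan(lines):
    """Run inspect_line over an iterable of log lines; keep only findings."""
    return [f for f in (inspect_line(line) for line in lines) if f]


# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2025:10:00:07 +0000] "POST /index.php?option=com_easyfolderlistingpro&task=list HTTP/1.1" 200 300',
    '198.51.100.7 - - [10/Jan/2025:10:00:12 +0000] "GET /index.php?option=com_easyfolderlistingpro&data=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 120',
    '198.51.100.7 - - [10/Jan/2025:10:00:15 +0000] "GET /index.php?data=a%253A1%253A%257Bi%253A0%253Bs%253A1%253A%2522x%2522%253B%257D HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["ip"], finding["method"], finding["reasons"], finding["target"])
```

Access logs do not record POST bodies, so the "post-to-extension" match is a lead to correlate with the PHP deserialization errors and file-creation indicators listed above, not a verdict on its own.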