CVE-2024-11211

4.7 MEDIUM

📋 TL;DR

An unrestricted file upload vulnerability in the Website Logo Handler component of EyouCMS lets an attacker who can reach the logo upload function store arbitrary files on the server, including server-side scripts. It affects EyouCMS versions up to and including 1.6.7 and, if an uploaded script can be executed, leads to remote code execution on the web host. Note that the CVSS rating shown above is 4.7 MEDIUM, not critical: the severity lies in turning access to the logo upload function into code execution, not in the reachability of that function.

💻 Affected Systems

Products:
  • EyouCMS
Versions: up to 1.6.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Website Logo Handler component specifically; all installations with this component enabled are vulnerable.

📦 What is this software?

EyouCMS is an open-source, PHP-based content management system. The Website Logo Handler is the admin-panel site setting through which the site logo image is uploaded; the upload it accepts is the file this CVE concerns.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Webshell deployment allowing persistent access, data exfiltration, and further exploitation of the server.

🟢

If Mitigated

File uploads blocked or sanitized, preventing malicious file execution while maintaining legitimate functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No. The Website Logo Handler is an admin-panel settings function, so exploitation needs a valid admin session (consistent with the 4.7 MEDIUM score); the flaw turns admin-panel access into code execution on the host, so treat the admin panel as the trust boundary.
Complexity: LOW

Exploit details, including a PoC, are publicly available on GitHub, so weaponization takes little effort once an attacker has admin-panel access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None

Restart Required: No

Instructions:

No fix version is recorded for this CVE. Check the vendor's releases for a version later than 1.6.7 that validates logo uploads and upgrade to it when available. Until then apply the workarounds below, restrict who can reach the admin panel (network allowlist or VPN), and use strong, unique admin credentials, since the upload function is reached through the admin panel.

🔧 Temporary Workarounds

Restrict File Upload Types

Applies to: all platforms

Configure the web server (and, where possible, the application) so that the logo upload location accepts only image types (e.g., .jpg, .png) and never serves or executes scripts. The Apache fragment below does the second part: it refuses to serve any file in the upload directory whose name contains a script extension, so an uploaded webshell cannot be executed even if the upload itself succeeds. It only works if AllowOverride permits these directives in .htaccess; with mod_php, `php_flag engine off` in the same file is a simpler switch, and nginx/php-fpm setups need an equivalent location rule that refuses PHP under the upload path.

# Example for Apache: add to .htaccess in the directory that receives logo uploads.
# No trailing "$" anchor, so double extensions such as shell.php.jpg are refused too;
# (?i:...) makes the match case-insensitive (shell.PHP).
<FilesMatch "\.(?i:php|phtml|php3|php4|php5|php7|phps|php8|phar|inc|exe|pl|sh|py|rb|js|jsp|asp|aspx|html|htm|xml)">
    # Apache 2.4
    Require all denied
    # Apache 2.2, or 2.4 with mod_access_compat:
    # Order allow,deny
    # Deny from all
</FilesMatch>

Disable Logo Upload Feature

Applies to: all platforms

Temporarily disable the Website Logo Handler component in the EyouCMS admin panel, or remove write permission on the directory it uploads to, until a fixed release is installed.

🧯 If You Can't Patch

  • Implement strict file upload validation at the web server and application level: allowlist the final extension, verify the file content (magic bytes) against that extension, store uploads under server-generated names, and serve the upload directory with script execution disabled.
  • Use a Web Application Firewall (WAF) to block multipart uploads whose filenames carry script extensions and to block requests for script files under the upload directory.
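Application-side validation of the kind the workaround and the first bullet above call for, as an added example in Python (EyouCMS itself is PHP; this is illustrative code, not the project's own). It shows the name-only check that unrestricted-upload bugs typically hide behind, beside a check that uses only the final extension, verifies the file's magic bytes, refuses embedded script tags (a valid GIF header with PHP appended passes a magic check alone), and discards the client-supplied name. The allowed types, the magic-byte table and the size limit are assumptions.

```python
"""Added example (not EyouCMS code): validating a logo/favicon upload server-side."""
import os
import secrets

# Assumption: logos are PNG/JPEG/GIF and favicons are ICO. Final extension -> leading bytes.
ALLOWED = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "ico": (b"\x00\x00\x01\x00",),
}
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")


def weak_check(filename: str) -> bool:
    """The check that unrestricted-upload bugs hide behind: a substring test
    on the client-supplied name. 'shell.png.php' passes it."""
    return any(ext in filename for ext in (".png", ".jpg", ".gif", ".ico"))


def validate_logo(filename: str, data: bytes, max_bytes: int = 512 * 1024) -> str:
    """Return a server-chosen safe filename for the upload, or raise ValueError."""
    if not data or len(data) > max_bytes:
        raise ValueError("empty or oversized upload")
    # Strip any path the client sent, then use only the final extension, lower-cased:
    # 'shell.png.php' -> 'php' (rejected), 'Logo.PNG' -> 'png'.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} not allowed")
    # The content must actually be the declared image type.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        raise ValueError("content does not match declared image type")
    # Polyglots: a real GIF/JPEG header followed by PHP passes the magic check,
    # so refuse script markers outright (re-encoding the image is stronger still).
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        raise ValueError("script content embedded in image")
    # Never keep the client's name; a random name with the vetted extension
    # defeats 'upload then request shell.php' even if a check above is bypassed.
    return f"{secrets.token_hex(8)}.{ext}"


def rejects(filename: str, data: bytes) -> bool:
    """True when validate_logo refuses the upload (used for the checks below)."""
    try:
        validate_logo(filename, data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed minimal PNG prefix
    print("weak check accepts shell.png.php:", weak_check("shell.png.php"))
    print("hardened check stores Logo.PNG as:", validate_logo("Logo.PNG", png))
    print("hardened check rejects GIF+PHP polyglot:",
          rejects("logo.gif", b"GIF89a<?php system($_GET['c']); ?>"))
```

Pair this with the web-server rule above: the random name and the vetted extension stop a stored file from being requested as a script, and the no-execute upload directory covers the case where a future bypass gets a script past validation anyway.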

🔍 How to Verify

Check if Vulnerable:

Check the EyouCMS version in the admin panel or on the file system; if it is 1.6.7 or earlier, treat the installation as vulnerable.

Check Version:

# The version is shown in the EyouCMS admin panel; if you cannot log in, read the version
# file shipped with your installation (its location differs between releases).

Verify Fix Applied:

Test the logo upload function with a benign probe file that has a script extension (e.g., a .php file that only echoes a marker string, not a webshell) and confirm that it is rejected; if it is stored, request it under the upload path and confirm it is neither served nor executed.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to logo handler endpoints
  • Uploads of non-image file types (e.g., .php, .exe)

Network Indicators:

  • HTTP POST requests to upload endpoints whose multipart filename carries a script extension (visible only in full request captures or WAF logs, not in plain access logs), followed by requests for script files under the upload directory

SIEM Query:

# Field names follow a generic web-log schema; map them to your SIEM's fields. Plain access logs do not
# record the uploaded filename, so hunt for the upload request and for the stored file being requested.
# The upload endpoint path is not recorded on this page: take it from your instance (or the public PoC)
# and tighten the LIKE pattern accordingly.
# 1. Logo uploads (mostly legitimate admin activity; review by source IP and time of day)
source="web_logs" AND method="POST" AND url_path LIKE "%logo%"
# 2. Script files requested under the upload directory: an uploaded webshell being used
source="web_logs" AND url_path LIKE "%/upload%" AND (url_path LIKE "%.php%" OR url_path LIKE "%.phtml%" OR url_path LIKE "%.phar%")
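The log and network indicators above, run as a hunt over web access logs, as an added example in Python (not part of this page or of EyouCMS). It parses combined-format log lines, counts POSTs to the logo endpoint per source IP, flags requests for script-extension files under the upload directory, and reports an IP that did both in that order. The endpoint pattern, the upload directory prefixes and the log lines are constructed assumptions; replace the first two with your instance's values.

```python
"""Added example (not EyouCMS code): hunting logo-upload abuse in web access logs."""
import re
from collections import Counter

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)
# Assumptions: the admin logo-upload endpoint is a POST whose path mentions "logo";
# uploads are written beneath these prefixes. Adapt both to your installation.
UPLOAD_ENDPOINT_RE = re.compile(r"logo", re.IGNORECASE)
UPLOAD_DIR_PREFIXES = ("/uploads/", "/public/upload/")
# A script extension anywhere in the name, so shell.php.jpg is caught as well.
SCRIPT_EXT_RE = re.compile(r"\.(php|phtml|phar|php[3-8])(\.|$)", re.IGNORECASE)

# Constructed sample: one admin session uploads, then a webshell is used; other traffic is benign.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Nov/2024:10:01:02 +0000] "GET /admin/system HTTP/1.1" 200 4096',
    '198.51.100.7 - - [12/Nov/2024:10:01:09 +0000] "POST /admin/system/logo HTTP/1.1" 200 312',
    '198.51.100.7 - - [12/Nov/2024:10:01:15 +0000] "GET /uploads/logo/shell.php?cmd=id HTTP/1.1" 200 88',
    '203.0.113.5 - - [12/Nov/2024:10:02:00 +0000] "GET /uploads/logo/site.png HTTP/1.1" 200 15000',
    '203.0.113.5 - - [12/Nov/2024:10:05:00 +0000] "GET /uploads/logo/a.php.jpg HTTP/1.1" 404 -',
    "this line is not in combined format and is skipped",
]


def parse_line(line: str):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["url"].split("?", 1)[0]  # path without the query string
    return rec


def hunt(lines):
    """Return upload POST counts per IP, script-file requests under the upload
    directory, and IPs that uploaded and then had a script file served (2xx)."""
    upload_posts = Counter()
    script_requests = []
    chains = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] == "POST" and UPLOAD_ENDPOINT_RE.search(rec["path"]):
            upload_posts[rec["ip"]] += 1
        if rec["path"].startswith(UPLOAD_DIR_PREFIXES) and SCRIPT_EXT_RE.search(rec["path"]):
            script_requests.append((rec["ip"], rec["url"], rec["status"]))
            # Upload first, then a script served from the upload dir: strongest signal.
            served = 200 <= rec["status"] < 300
            if served and upload_posts[rec["ip"]] and rec["ip"] not in chains:
                chains.append(rec["ip"])
    return {
        "upload_posts": dict(upload_posts),
        "script_requests": script_requests,
        "chains": chains,
    }


if __name__ == "__main__":
    for key, value in hunt(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A 404 for a script file under the upload directory (the a.php.jpg line) is worth listing as a probe, but only a 2xx after an upload from the same IP is reported as a chain; in practice feed the script's output into the same alerting path as the SIEM queries above and tune the endpoint pattern to the real upload path.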
