CVE-2024-12953
📋 TL;DR
This critical vulnerability in Portfolio Management System MCA 1.0 allows remote attackers to upload arbitrary files via the /update_pd_process.php endpoint. This can lead to complete system compromise through file upload exploitation. All users running the affected software version are vulnerable.
💻 Affected Systems
- Portfolio Management System MCA Project
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full system compromise, data theft, and persistent backdoor installation.
Likely Case
Webshell upload allowing unauthorized access, data manipulation, and lateral movement within the network.
If Mitigated
Limited impact with proper file upload restrictions and web application firewalls in place.
🎯 Exploit Status
Public exploit code available on GitHub, making exploitation trivial for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://1000projects.org/
Restart Required: No
Instructions:
No official patch available. Consider migrating to alternative software or implementing strict workarounds.
🔧 Temporary Workarounds
Block Vulnerable Endpoint
All platforms: Restrict access to /update_pd_process.php using web server configuration
# Apache: RewriteRule ^update_pd_process\.php$ - [F,L]
# Nginx: location ~ /update_pd_process\.php$ { deny all; }
Implement File Upload Restrictions
All platforms: Restrict file uploads server-side through PHP configuration (limit the upload size, or disable uploads entirely)
# Add to .htaccess: php_value upload_max_filesize 1M
# Add to PHP config: file_uploads = Off
🧯 If You Can't Patch
- Isolate the system behind a WAF with file upload filtering rules
- Implement strict network segmentation and monitor for unusual file upload activity
🔍 How to Verify
Check if Vulnerable:
Check whether /update_pd_process.php exists and is accessible without authentication. Attempt to upload a test file with a malicious extension.
Check Version:
Check software version in admin panel or readme files. No standard command available.
Verify Fix Applied:
Verify the endpoint is blocked or returns 403/404. Test file upload functionality with restricted file types.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /update_pd_process.php with file uploads
- Upload of files with .php, .exe, or other executable extensions
- Unusual file creation in upload directories
Network Indicators:
- HTTP traffic to /update_pd_process.php endpoint
- File uploads with suspicious content types
SIEM Query:
source="web_logs" AND uri="/update_pd_process.php" AND method="POST" AND (content_type="multipart/form-data" OR user_agent="*exploit*")
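The log indicators above, applied to web-server access logs as an added example (not part of the original advisory or the project's code). It assumes the Apache/Nginx "combined" log format and treats 403/404 as the blocked state described under "Verify Fix Applied"; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

ENDPOINT = "/update_pd_process.php"  # vulnerable endpoint named in the advisory

# Assumption: Apache/Nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return a finding for a request to ENDPOINT, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Match on the decoded path only: drop the query string, collapse
    # repeated slashes and ignore case so trivial variants still match.
    path = re.sub(r"/{2,}", "/", unquote(m["target"].split("?", 1)[0])).lower()
    if not path.endswith(ENDPOINT):
        return None
    status = int(m["status"])
    if status in (403, 404):
        severity = "blocked"    # the endpoint block is working
    elif m["method"] == "POST":
        severity = "alert"      # the upload handler was reached
    else:
        severity = "reachable"  # endpoint answered, no POST seen
    return {"ip": m["ip"], "time": m["time"], "status": status, "severity": severity}

def scan(lines):
    """Return (findings, count per severity) for an iterable of log lines."""
    findings = [f for f in map(classify, lines) if f]
    return findings, Counter(f["severity"] for f in findings)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2025:10:12:01 +0000] "POST /update_pd_process.php HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '198.51.100.7 - - [10/Jan/2025:10:12:05 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2025:10:13:40 +0000] "POST /portfolio//Update_PD_Process.php?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2025:10:13:44 +0000] "GET /update_pd_process.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [10/Jan/2025:10:15:02 +0000] "POST /update_pd_process.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE)[0]:
        print(finding)
```

Any "alert" finding should be followed up by reviewing the upload directories for newly created files, as listed in the log indicators.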
🔗 References
- https://1000projects.org/
- https://github.com/dawatermelon/CVE/blob/main/Portfolio%20Management%20System%20MCA%20Project/README4.md
- https://vuldb.com/?ctiid.289316
- https://vuldb.com/?id.289316
- https://vuldb.com/?submit.468769