CVE-2024-13191

6.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to upload arbitrary files without restrictions in ZeroWdd myblog 1.0. Attackers can potentially upload malicious files like webshells to gain unauthorized access or execute code. Anyone running the vulnerable version of myblog is affected.

💻 Affected Systems

Products:
  • ZeroWdd myblog
Versions: 1.0
Operating Systems: Any OS running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the upload controller specifically; requires the upload functionality to be accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via webshell upload leading to remote code execution, data theft, and lateral movement within the network.

🟠 Likely Case

Unauthorized file upload leading to defacement, data manipulation, or limited code execution depending on server configuration.

🟢 If Mitigated

File uploads restricted to authenticated users with proper validation, limiting impact to authorized functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed in GitHub issues, making this easy to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch exists. Consider workarounds or migrating to a secure alternative.

🔧 Temporary Workarounds

Disable upload functionality (applies to: all)

Remove or disable the vulnerable upload controller endpoint to prevent exploitation.

How: comment out or delete the uploadController.java file and restart the application.

Implement file validation (applies to: all)

Add server-side validation to restrict file types, extensions, and content.

How: modify uploadController.java to include validation checks for file type, size, and extension.
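What the second workaround asks for, shown as a worked example: a server-side validator that an upload controller would call before writing anything to disk. This is added illustrative code, not myblog's own; the class name, the image-only allowlist, the 2 MiB ceiling, the magic-byte table and the sample inputs are all assumptions. It is plain Java 16+ (it uses a record) with no framework dependency, so it runs on its own.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

/**
 * Server-side validation for a file upload endpoint (illustrative code,
 * not taken from myblog). Call validate() before anything touches the disk.
 */
public final class UploadValidator {

    /** Assumed size ceiling; tune to what the application actually needs. */
    private static final long MAX_BYTES = 2L * 1024 * 1024;

    /** Allowlist of extensions. Anything else (jsp, php, exe, ...) is rejected. */
    private static final Set<String> ALLOWED_EXT = Set.of("png", "jpg", "jpeg", "gif");

    /** Leading bytes the content must carry for each allowed extension. */
    private static final Map<String, byte[]> MAGIC = Map.of(
        "png",  new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "jpg",  new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "gif",  "GIF8".getBytes(StandardCharsets.US_ASCII));

    /** Outcome of a validation; accepted uploads get a server-chosen name. */
    public record Result(boolean accepted, String reason, String storedName) {}

    private static Result reject(String why) { return new Result(false, why, null); }

    public static Result validate(String clientName, byte[] content) {
        if (content == null || content.length == 0) return reject("empty upload");
        if (content.length > MAX_BYTES) return reject("exceeds " + MAX_BYTES + " bytes");
        if (clientName == null || clientName.indexOf('\0') >= 0) return reject("bad filename");

        // Drop any directory part the client supplied (../ and drive prefixes alike).
        String base = clientName.replace('\\', '/');
        base = base.substring(base.lastIndexOf('/') + 1);

        // Judge the LAST extension only, so "shell.png.jsp" is seen as "jsp".
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || dot == base.length() - 1) return reject("no usable extension");
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED_EXT.contains(ext)) return reject("extension not allowed: " + ext);

        // The extension is client-controlled; confirm the bytes actually match it.
        byte[] magic = MAGIC.get(ext);
        if (content.length < magic.length
                || !Arrays.equals(Arrays.copyOf(content, magic.length), magic)) {
            return reject("content is not a " + ext + " file");
        }

        // Never reuse the client name on disk: random name, vetted extension.
        return new Result(true, "ok", UUID.randomUUID() + "." + ext);
    }

    /** Constructed sample uploads exercising each check above. */
    public static void main(String[] args) {
        byte[] png = new byte[] {(byte) 0x89, 'P', 'N', 'G', 0, 0, 0, 0};
        byte[] jspText = "<%= 1 + 1 %>".getBytes(StandardCharsets.UTF_8);
        List<Object[]> samples = List.of(
            new Object[] {"photo.png", png},            // accepted
            new Object[] {"page.jsp", jspText},         // rejected: extension not allowed
            new Object[] {"photo.jsp.png", jspText},    // rejected: bytes are not PNG
            new Object[] {"PHOTO.PNG.JSP", png},        // rejected: last extension wins
            new Object[] {"../../webapps/x.png", png},  // accepted, stored under a random name
            new Object[] {"photo.png", new byte[0]});   // rejected: empty
        for (Object[] s : samples) {
            Result r = validate((String) s[0], (byte[]) s[1]);
            System.out.printf("%-22s -> %s (%s)%n",
                s[0], r.accepted() ? "ACCEPT" : "REJECT", r.reason());
        }
    }
}
```

The three checks are deliberately independent: the allowlist stops renamed scripts, the magic-byte check stops script content hiding behind an allowed extension, and the random server-side name removes path traversal and name collisions from the client's control. Keep the upload directory outside the servlet container's web root as well, so an accepted file is never served as executable content.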

🧯 If You Can't Patch

  • Restrict network access to the application using firewalls or network segmentation.
  • Implement web application firewall (WAF) rules to block malicious file upload attempts.

🔍 How to Verify

Check if Vulnerable:

Check if running ZeroWdd myblog version 1.0 and if the upload endpoint is accessible without proper validation.

Check Version:

Check application configuration or build files for version information.

Verify Fix Applied:

Test file upload functionality with restricted file types; ensure only allowed files are accepted.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to the upload endpoint, especially with suspicious extensions like .jsp, .php, .exe

Network Indicators:

  • HTTP POST requests to upload endpoints with unexpected file types

SIEM Query:

source="web_logs" AND (uri="/upload" OR uri="/admin/upload") AND (file_extension="jsp" OR file_extension="php" OR file_extension="exe")
