CVE-2024-24550

8.1 HIGH

📋 TL;DR

This vulnerability in Bludit allows attackers with API token access to upload arbitrary files, including PHP files, leading to remote code execution on the server. It affects Bludit installations with exposed File API endpoints. Attackers can gain full control of affected systems.

💻 Affected Systems

Products:
  • Bludit
Versions: All versions prior to 4.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have or obtain API token; File API must be accessible

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise leading to data theft, ransomware deployment, or use as attack infrastructure

🟠 Likely Case: Webshell installation allowing persistent access, data exfiltration, and lateral movement

🟢 If Mitigated: Limited impact if API tokens are properly secured and file uploads are restricted

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires API token but is straightforward once obtained

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.0

Vendor Advisory: https://www.redguard.ch/blog/2024/06/20/security-advisory-bludit/

Restart Required: No

Instructions:

1. Back up your Bludit installation.
2. Download Bludit 4.0.0 or later.
3. Replace the existing files with the new version.
4. Verify functionality.

🔧 Temporary Workarounds

Restrict File API Access


Block access to File API endpoints via web server configuration

# Apache: add to the .htaccess in the Bludit web root. <FilesMatch> matches file
# names, not request paths, so the block needs mod_rewrite (the same module that
# routes Bludit's clean URLs); the leading slash is stripped in .htaccess context.
RewriteEngine On
RewriteRule ^api/file - [F,L]
# Nginx: add to the server block
location ~ ^/api/file {
    deny all;
}

Disable PHP Execution in Uploads


Prevent PHP execution in upload directories

# Apache: add to an .htaccess inside the uploads directory only; at the site root
# it would also block index.php. "Require all denied" is the Apache 2.4 form of
# "Deny from all" (2.2 syntax). .phtml is included because many PHP handler
# mappings treat it like .php.
<FilesMatch "\.(php|phtml)$">
    Require all denied
</FilesMatch>
# Nginx: add to the server block BEFORE the location that passes .php to
# FastCGI, because the first matching regex location wins. Replace UPLOAD_DIR
# with the URI path under which this install serves uploaded files.
location ~ ^/UPLOAD_DIR/.*\.(php|phtml)$ {
    deny all;
}

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Bludit instances
  • Deploy WAF rules to block suspicious file upload patterns

🔍 How to Verify

Check if Vulnerable:

Check Bludit version in admin panel or via version.txt file

Check Version:

grep -i version /path/to/bludit/bl-content/databases/site.php

Verify Fix Applied:

Confirm version is 4.0.0 or higher in admin panel

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads via API endpoints
  • PHP file creation in upload directories
  • Multiple failed API authentication attempts

Network Indicators:

  • POST requests to /api/file endpoints
  • Uploads of files with .php extensions

SIEM Query:

source="web_logs" AND ((method="POST" AND uri="/api/file*") OR file_extension="php")
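As an added example (not part of this advisory or of Bludit's own code), the script below applies the log and network indicators above to constructed access-log lines and checks an uploads directory on disk for PHP files. The combined log format and the UPLOAD_URI_PREFIX value are assumptions to adjust for the install being checked.

```python
import re
from pathlib import Path

# Web-server access log in the Apache/nginx "combined" format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: URI path under which this install serves uploaded files.
UPLOAD_URI_PREFIX = "/bl-content/uploads/"
# .phtml is commonly mapped to the PHP handler as well.
PHP_EXT = re.compile(r"\.(php|phtml)$", re.IGNORECASE)

def scan_access_log(lines):
    """Return (reason, ip, timestamp, uri, status) for lines matching the indicators."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than fail
        uri, path = m["uri"], m["uri"].split("?", 1)[0]
        reason = None
        if m["method"] == "POST" and path.startswith("/api/file"):
            reason = "file-api-upload"       # upload via the File API endpoints
        elif path.startswith(UPLOAD_URI_PREFIX) and PHP_EXT.search(path):
            reason = "php-under-uploads"     # PHP being requested from uploads
        if reason:
            hits.append((reason, m["ip"], m["ts"], uri, int(m["status"])))
    return hits

def php_named(paths):
    """Filter an iterable of path strings down to those with a PHP-executable name."""
    return sorted(p for p in paths if PHP_EXT.search(Path(p).name))

def find_php_in_uploads(upload_dir):
    """Walk the uploads directory on disk; the result should be empty on a clean install."""
    root = Path(upload_dir)
    return php_named(str(p.relative_to(root)) for p in root.rglob("*") if p.is_file())

# Constructed sample log lines (not from a real incident).
SAMPLE_LOG = """\
203.0.113.5 - - [20/Jun/2024:10:01:02 +0000] "GET /admin/dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Jun/2024:10:01:09 +0000] "POST /api/file HTTP/1.1" 200 88 "-" "python-requests/2.31"
203.0.113.5 - - [20/Jun/2024:10:01:15 +0000] "GET /bl-content/uploads/image.jpg HTTP/1.1" 200 3201 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Jun/2024:10:02:33 +0000] "GET /bl-content/uploads/x.php HTTP/1.1" 200 17 "-" "curl/8.4"
""".splitlines()

if __name__ == "__main__":
    print(*scan_access_log(SAMPLE_LOG), sep="\n")
```

Run find_php_in_uploads against the real uploads directory as a periodic check; any hit is a file that the workaround above should already prevent from executing.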
