CVE-2024-31011
📋 TL;DR
This vulnerability in BeeSCMS v4.0 allows remote attackers to write arbitrary files to the server by exploiting insufficient path isolation and lack of file extension validation in admin_template.php. Attackers can achieve remote code execution by writing malicious files. All systems running the vulnerable version are affected.
💻 Affected Systems
- BeeSCMS
📦 What is this software?
Beescms by Beescms
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through remote code execution, allowing attackers to install backdoors, steal data, or pivot to other systems.
Likely Case
Webshell deployment leading to persistent access, data exfiltration, and further exploitation of the server.
If Mitigated
Limited impact if file uploads are restricted and web application firewalls block malicious requests.
🎯 Exploit Status
The vulnerability is straightforward to exploit with publicly available information about the insecure file handling.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Consider upgrading to a newer version if available or implementing workarounds.
🔧 Temporary Workarounds
Restrict access to admin_template.php
Block or restrict access to the vulnerable admin_template.php file using web server configuration.
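# Apache: Add to .htaccess
<Files "admin_template.php">
    # Apache 2.2 syntax (on 2.4 this needs mod_access_compat)
    Order Deny,Allow
    Deny from all
    # Apache 2.4+: replace the two lines above with
    # Require all denied
</Files>
# Nginx: Add to server block
location ~ /admin_template\.php$ {
    deny all;
}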
Implement file upload validation
Add server-side validation to restrict file types and sanitize file paths.
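# Example PHP validation snippet
// $filename is the client-supplied file name taken from the request
$allowed_extensions = array('jpg', 'png', 'gif');
$file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
// Strict comparison so only exact string matches pass the allowlist
if (!in_array($file_extension, $allowed_extensions, true)) {
    die('Invalid file type');
}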
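The extension check above addresses only half of the flaw described in the TL;DR; the other half is path isolation. The following added example (not BeeSCMS code and not from the original page) combines both checks. The function name, the template directory and the extension allowlist are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Added example. resolve_template_path(), the base directory and the
// allowlist are hypothetical names/values, not BeeSCMS identifiers.
function resolve_template_path(string $baseDir, string $userPath,
                               array $allowedExt = ['html', 'htm', 'css']): string
{
    if (strpos($userPath, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in path');
    }
    // Exactly one dot and a conservative charset in the file name: rejects
    // "x.php.html", ".htaccess" and names with an executable extension.
    $name = basename($userPath);
    if (!preg_match('/^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$/', $name, $m)
        || !in_array(strtolower($m[1]), $allowedExt, true)) {
        throw new InvalidArgumentException('file name or extension not allowed');
    }
    // Canonicalise the directory part (the file itself may not exist yet),
    // then require it to be the base directory or a descendant of it.
    $base = realpath($baseDir);
    $dir  = realpath($baseDir . DIRECTORY_SEPARATOR . dirname($userPath));
    if ($base === false || $dir === false) {
        throw new InvalidArgumentException('directory does not exist');
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($dir !== $base && strncmp($dir, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('path escapes the template directory');
    }
    $target = $dir . DIRECTORY_SEPARATOR . $name;
    if (is_link($target)) {   // do not write through a symlink placed in the tree
        throw new InvalidArgumentException('target is a symlink');
    }
    return $target;
}

// Constructed demo: a throwaway directory tree and sample request values.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($base . DIRECTORY_SEPARATOR . 'default', 0700, true);
$samples = ['default/index.html', '../../index.php', 'default/../../x.html',
            'default/shell.php', 'default/a.php.html', '/etc/cron.d/job.html'];
foreach ($samples as $p) {
    try {
        echo "ACCEPT $p -> ", resolve_template_path($base, $p), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "REJECT $p (", $e->getMessage(), ")", PHP_EOL;
    }
}
```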
🧯 If You Can't Patch
- Implement a web application firewall (WAF) to block requests containing suspicious file paths or extensions.
- Monitor file system changes and restrict write permissions to web directories.
🔍 How to Verify
Check if Vulnerable:
Check if BeeSCMS version 4.0 is installed and if admin_template.php is accessible without authentication.
Check Version:
Check the CMS version in the admin panel or look for version files in the installation directory.
Verify Fix Applied:
Verify that admin_template.php is no longer accessible or that file upload validation has been implemented.
📡 Detection & Monitoring
Log Indicators:
- Unusual file write operations in web server logs
- Requests to admin_template.php with file upload parameters
- Files with suspicious extensions appearing in web directories
Network Indicators:
- HTTP POST requests to admin_template.php with file content
- Unusual outbound connections from the web server
SIEM Query:
source="web_server.log" AND (uri="/admin_template.php" OR uri LIKE "%admin_template%") AND (method="POST" OR params LIKE "%file%")