CVE-2024-31615

9.8 CRITICAL

📋 TL;DR

ThinkCMF 6.0.9 contains an unrestricted file upload vulnerability in UeditorController.php that allows attackers to upload arbitrary files, including malicious scripts. This affects all ThinkCMF 6.0.9 installations with the vulnerable component enabled. Attackers can exploit this to achieve remote code execution on affected systems.

💻 Affected Systems

Products:
  • ThinkCMF
Versions: 6.0.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects installations with Ueditor component enabled. ThinkCMF is a Chinese content management framework.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, allowing attackers to install backdoors, steal data, pivot to internal networks, or deploy ransomware.

🟠 Likely Case

Webshell deployment leading to data exfiltration, credential theft, and lateral movement within the affected environment.

🟢 If Mitigated

Limited impact with proper file upload restrictions, web application firewalls, and file system permissions preventing execution of uploaded files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept available in Chinese repositories. Exploitation requires minimal technical skill due to simple file upload mechanism.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Monitor ThinkCMF releases for security updates. Consider upgrading to latest version if available.

🔧 Temporary Workarounds

Disable Ueditor Controller

Platform: Linux

Remove or disable access to UeditorController.php to prevent exploitation

# Rename the controller so the web server no longer serves it, then strip all
# permissions from the renamed file (chmod on the original path would fail after mv)
mv /path/to/UeditorController.php /path/to/UeditorController.php.disabled
chmod 000 /path/to/UeditorController.php.disabled

Implement File Upload Restrictions

Platform: All

Add server-side validation to restrict file types, extensions, and content

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file upload patterns
  • Restrict file system permissions to prevent execution of uploaded files in web directories

🔍 How to Verify

Check if Vulnerable:

Check whether UeditorController.php exists and is reachable over HTTP. Attempt to upload a test file with a disallowed extension to confirm whether server-side validation is missing.

Check Version:

Check ThinkCMF version in configuration files or admin panel

Verify Fix Applied:

Verify UeditorController.php is disabled or removed. Test file upload functionality with restricted file types only.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activity to Ueditor endpoints
  • Files with executable extensions (.php, .jsp, .asp) uploaded to upload directories
  • Multiple failed upload attempts with suspicious filenames

Network Indicators:

  • HTTP POST requests to /UeditorController.php with file upload parameters
  • Unusual outbound connections from web server after file upload

SIEM Query:

source="web_logs" AND (uri="/UeditorController.php" OR uri CONTAINS "upload") AND method="POST" AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp")
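The same predicate as the SIEM query above, implemented over structured web log records so it can be tested offline. This is an added example, not part of the original advisory or of ThinkCMF; the record field names (`source`, `method`, `uri`, `filename`, `src_ip`) and the sample records are constructed assumptions.

```python
import collections

# Extensions the SIEM query above treats as executable uploads
EXEC_EXTENSIONS = {"php", "jsp", "asp"}

# Constructed sample records (assumed field names, not real traffic):
# one dict per request, mirroring the fields the SIEM query relies on.
SAMPLE_LOGS = [
    {"source": "web_logs", "method": "POST", "uri": "/UeditorController.php",
     "filename": "photo.jpg", "src_ip": "203.0.113.7"},
    {"source": "web_logs", "method": "POST", "uri": "/UeditorController.php",
     "filename": "cmd.PHP", "src_ip": "203.0.113.7"},
    {"source": "web_logs", "method": "GET", "uri": "/UeditorController.php",
     "filename": "", "src_ip": "198.51.100.3"},
    {"source": "web_logs", "method": "POST", "uri": "/admin/Upload",
     "filename": "report.jsp", "src_ip": "198.51.100.3"},
    {"source": "auth_logs", "method": "POST", "uri": "/upload",
     "filename": "x.asp", "src_ip": "192.0.2.9"},
]

def file_extension(filename):
    """Lower-cased final extension of an uploaded filename, '' if it has none."""
    name = filename.rsplit("/", 1)[-1]
    if "." not in name:
        return ""
    return name.rsplit(".", 1)[-1].lower()

def is_ueditor_upload_alert(record):
    """Web log, POST, Ueditor or upload URI, and an executable extension (case-insensitive)."""
    if record.get("source") != "web_logs":
        return False
    if record.get("method", "").upper() != "POST":
        return False
    uri = record.get("uri", "")
    if uri != "/UeditorController.php" and "upload" not in uri.lower():
        return False
    return file_extension(record.get("filename", "")) in EXEC_EXTENSIONS

def find_suspicious(records):
    """Return the records that match the detection predicate, in log order."""
    return [r for r in records if is_ueditor_upload_alert(r)]

def alerts_by_source_ip(records):
    """Count matching requests per client IP to surface repeated attempts."""
    return collections.Counter(r["src_ip"] for r in find_suspicious(records))
```

Records from other log sources and non-POST requests are dropped, and the extension match is case-insensitive so `cmd.PHP` is caught as well as `cmd.php`.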
