CVE-2024-31818 – A directory traversal vulnerability in DerbyNet... (How to Fix)

Q: What is the severity of CVE-2024-31818?

CVE-2024-31818 has a CVSS score of 9.8 (CRITICAL). A directory traversal vulnerability in DerbyNet v9.0 allows remote attackers to execute arbitrary code via the 'page' parameter in kiosk.php. This affects all systems running vulnerable DerbyNet installations, potentially enabling complete system compromise.

📋 TL;DR

A directory traversal vulnerability in DerbyNet v9.0 allows remote attackers to execute arbitrary code via the 'page' parameter in kiosk.php. This affects all systems running vulnerable DerbyNet installations, potentially enabling complete system compromise.

💻 Affected Systems

Products:

DerbyNet

Versions: Version 9.0

Operating Systems: Any OS running DerbyNet

Default Config Vulnerable: ⚠️ Yes

Notes: All installations of DerbyNet v9.0 with kiosk.php accessible are vulnerable.

📦 What is this software?

Derbynet by Derbynet

View all CVEs affecting Derbynet →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, ransomware deployment, or use as a foothold for lateral movement.

🟠

Likely Case

Arbitrary file read/write leading to sensitive information disclosure, configuration modification, or limited code execution.

🟢

If Mitigated

Limited impact if proper network segmentation, WAF rules, and file permission restrictions are in place.

🌐 Internet-Facing: HIGH - The kiosk.php component is typically internet-facing, allowing direct exploitation.

🏢 Internal Only: MEDIUM - Internal attackers could exploit if they have network access to the DerbyNet instance.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is well-documented with public proof-of-concept available. Exploitation requires minimal technical skill.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or apply workarounds.

🔧 Temporary Workarounds

Input Validation for page parameter

all

Add strict input validation to kiosk.php to restrict the 'page' parameter to allowed values only.

Modify kiosk.php to validate the 'page' parameter against a whitelist of allowed pages

Web Application Firewall Rule

all

Block directory traversal attempts in the page parameter.

Add WAF rule to block requests containing '../', '..\', or similar traversal patterns in URL parameters

🧯 If You Can't Patch

Restrict network access to DerbyNet instance using firewall rules
Implement strict file system permissions to limit what files can be accessed/modified

🔍 How to Verify

Check if Vulnerable:

Test if accessing kiosk.php with a traversal payload (e.g., kiosk.php?page=../../../etc/passwd) returns sensitive system files.

Check Version:

Check DerbyNet version in configuration files or web interface

Verify Fix Applied:

Verify that traversal attempts no longer succeed and return appropriate error messages.

📡 Detection & Monitoring

Log Indicators:

HTTP requests to kiosk.php with suspicious 'page' parameter values containing '../', '..\', or similar patterns

Network Indicators:

Unusual file access patterns from DerbyNet server, unexpected outbound connections

SIEM Query:

source="web_logs" AND uri="*kiosk.php*" AND (param="*../*" OR param="*..\\*")

📊 Metadata

CVE ID: CVE-2024-31818

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-22

Published: April 12, 2024

Last Updated: June 17, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-31818, you might also want to check these: