CVE-2024-32167

9.1 CRITICAL

📋 TL;DR

CVE-2024-32167 is an arbitrary file deletion vulnerability in Sourcecodester Online Medicine Ordering System 1.0. The picture deletion function hands an attacker-supplied file name to the delete operation without validating it, so a path traversal sequence selects any file the web server process has permission to unlink. All installations of version 1.0 of this PHP web application are affected. An attacker can remove configuration files, application source or uploaded data and take the application down.

💻 Affected Systems

Products:
  • Sourcecodester Online Medicine Ordering System
Versions: 1.0
Operating Systems: Any OS running PHP web server (Linux, Windows)
Default Config Vulnerable: ⚠️ Yes
Notes: This is a third-party PHP application, not part of standard OS distributions. The vulnerability exists in the application code itself.

📦 What is this software?

A free, downloadable PHP web application from Sourcecodester, a site that publishes hobby and student projects as source code. It gives customers an online storefront for ordering medicines and gives staff a back end for managing products and their pictures, which is where the vulnerable deletion function lives. It is sample code rather than a maintained product: there is no vendor advisory and no patched release, so hardening or removal are the only options.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Deletion of any file the web server process is allowed to unlink. Where the server runs as an unprivileged account (www-data, an IIS application pool identity) that does not normally include /etc/passwd or the Windows SAM, but it does include the application's own source and configuration, its uploads, and any other site writable by that account, which is enough to destroy the installation. If the server runs as root or SYSTEM, as hobby deployments sometimes do, no file on the host is out of reach and the machine can be left unbootable.

🟠 Likely Case

Denial of service and data loss inside the application: deletion of the database connection settings, PHP source files or uploaded product pictures, taking the shop offline until it is restored from backup. Because no patched release exists, reinstalling from the original 1.0 package restores the vulnerability along with the site.

🟢 If Mitigated

Limited impact: if the web server account can only write to the picture upload directory and that directory is backed up, an attacker can remove product pictures and nothing else.

🌐 Internet-Facing: HIGH - The application is a customer-facing web shop and is normally exposed to the internet; exploitation is a single unauthenticated HTTP request.
🏢 Internal Only: MEDIUM - Anyone who can reach the web interface can exploit it; segmentation and monitoring limit who can reach it and how quickly a deletion is noticed, not what a reaching attacker can delete.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub reference shows exploitation details. The flaw is plain path manipulation: the file-name parameter of the picture deletion request is used as-is, so a traversal sequence such as ../../config.php in a single request is enough. No authentication, memory corruption or special tooling is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch is available. In order of preference:
  1. Remove the application entirely; there is no vendor advisory or patched release to wait for.
  2. Replace it with maintained software.
  3. If it must stay, fix the picture deletion code yourself: accept a bare file name only (basename() must leave it unchanged), allow-list the extension, and confirm with realpath() that the resolved target sits inside the upload directory before calling unlink(). Pair that with the file permission restrictions under Temporary Workarounds, so a missed code path still cannot reach anything outside the upload directory.
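The code-level fix described in step 3, as an added example written for this advisory (it is not the application's own code; the function names, the img parameter, the uploads/ directory and the config.php decoy are assumptions). The first function reproduces the vulnerable pattern, the second is the hardened replacement, and the CLI section runs the same payload against both on a throwaway directory:

```php
<?php
// Added illustration for this advisory; it is not the application's own
// code. The vulnerable handler reproduces the pattern behind this CVE:
// a file name taken from the request is joined to a directory and handed
// to unlink(). Function names, the 'img' parameter and the uploads/
// directory are assumptions made for this example.

declare(strict_types=1);

// VULNERABLE pattern: ?img=../../config.php deletes config.php.
function delete_picture_vulnerable(string $uploadDir, string $img): bool
{
    $path = $uploadDir . '/' . $img;
    return is_file($path) && unlink($path);
}

// HARDENED: reject any directory component, allow-list the file name,
// resolve the result with realpath() and require it to stay inside the
// upload directory. Each check alone has gaps; together they close them.
function delete_picture_safe(string $uploadDir, string $img): bool
{
    // 1. A bare file name only: basename() strips "../" and "..\" parts,
    //    so any input that changes under basename() is rejected.
    if ($img === '' || basename($img) !== $img) {
        return false;
    }
    // 2. Allow-list characters and image extensions (no ".php", no NUL).
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(?:jpe?g|png|gif|webp)\z/i', $img)) {
        return false;
    }
    // 3. Containment: realpath() resolves ".." and symlinks, so a symlink
    //    planted in uploads/ that points outside also fails here.
    $base = realpath($uploadDir);
    $path = realpath($uploadDir . DIRECTORY_SEPARATOR . $img);
    if ($base === false || $path === false || !is_file($path)) {
        return false;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($path);
}

// Demonstration on a throwaway directory (constructed for this example).
if (PHP_SAPI === 'cli') {
    $root = sys_get_temp_dir() . '/cve-2024-32167-demo-' . getmypid();
    mkdir($root . '/uploads', 0700, true);
    file_put_contents($root . '/config.php', '<?php // database credentials');
    file_put_contents($root . '/uploads/pill.png', 'not really a png');

    // Vulnerable handler: the traversal succeeds and config.php is removed.
    $deleted = delete_picture_vulnerable($root . '/uploads', '../config.php');
    printf("vulnerable: traversal deleted config.php? %s\n", $deleted ? 'yes' : 'no');

    // Hardened handler: the same payload is refused, a real picture is not.
    file_put_contents($root . '/config.php', '<?php // restored for the demo');
    printf("safe: '../config.php' refused? %s\n",
        delete_picture_safe($root . '/uploads', '../config.php') ? 'no' : 'yes');
    printf("safe: 'pill.png' removed? %s\n",
        delete_picture_safe($root . '/uploads', 'pill.png') ? 'yes' : 'no');

    // Clean up the throwaway tree.
    @unlink($root . '/config.php');
    @rmdir($root . '/uploads');
    @rmdir($root);
}
```

Run it with the PHP CLI. The three checks overlap on purpose: basename() alone would still delete whatever a symlink planted in uploads/ points at, the extension allow-list alone says nothing about where a name resolves, and realpath() covers both while the first two keep the error path cheap and the accepted names predictable.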

🔧 Temporary Workarounds

Restrict file deletion permissions

linux

On Linux, unlinking a file needs write permission on the directory that contains it, not on the file itself, so chmod 644 on a file does nothing against this bug. Instead, make every application directory read-only for the web server account and leave only the picture upload directory writable; files outside the document root are then unreachable however the payload is crafted. The immutable attribute (chattr +i, ext2/3/4 and xfs) additionally protects an individual file even inside a writable directory. The paths and the www-data account are placeholders.

chown -R root:www-data /path/to/app
find /path/to/app -type d -exec chmod 755 {} +
chown -R www-data:www-data /path/to/app/uploads
chattr +i /path/to/critical/files

Implement web application firewall rules

all

Block requests that carry a path traversal sequence in any parameter. ModSecurity URL-decodes ARGS once before matching; the extra t:urlDecodeUni catches double-encoded payloads (%252e%252e%252f). Do not add t:normalisePath here, since it would fold the ../ away before the regex sees it. The rule id is a placeholder; use one from your local range.

# Example ModSecurity rule
SecRule ARGS "@rx (?:^|[\x5c/])\.\.(?:[\x5c/]|$)" \
    "id:1001,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'Path Traversal Attempt'"

🧯 If You Can't Patch

  • Isolate the application in a restricted network segment with no access to critical systems
  • Implement comprehensive file integrity monitoring and regular backups to detect and recover from file deletions

🔍 How to Verify

Check if Vulnerable:

Any installation of Sourcecodester Online Medicine Ordering System 1.0 is vulnerable; as there is no patched release, the presence of the product is the indicator. To confirm in source, locate the picture deletion handler and check whether the file name it receives from the request is passed to unlink() without a basename() and realpath() check against the upload directory.

Check Version:

Check the application's version.php file, if one ships, or the README and documentation in the downloaded package. No later release exists, so any installation is 1.0.

Verify Fix Applied:

There is no vendor fix, so this step verifies your own hardening. Work on a test copy, because a successful request deletes the target for real. Place a decoy file one directory above the upload directory and call the picture deletion function with traversal payloads in several encodings (../decoy.txt, %2e%2e%2fdecoy.txt, %252e%252e%252fdecoy.txt, ..\decoy.txt). The fix holds only if the decoy survives every variant and a legitimate picture name is still deleted.

📡 Detection & Monitoring

Log Indicators:

  • Web server access logs showing requests to the picture deletion endpoint whose file-name parameter contains ../ or ..\, in plain or URL-encoded form (%2e%2e%2f, %252e%252e%252f)
  • Audit records (auditd rules on the unlink/unlinkat syscalls for the web server's UID, or a file integrity monitor) showing deletions by that account outside the upload directory; ordinary syslog does not record file deletions, so this has to be configured in advance

Network Indicators:

  • HTTP requests, GET or POST depending on how the endpoint is called, to the picture deletion endpoint with path traversal sequences (../, ..\ or their percent-encoded forms) in the file-name parameter

SIEM Query:

Splunk-style pseudo-query. The uri patterns are assumptions, since the vulnerable script's name is not given here; substitute the real endpoint from your installation. request_body is only available when a WAF audit log or application log is forwarded to the SIEM, as plain access logs do not contain POST bodies.

source="web_server" AND (uri="*/delete_picture*" OR uri="*/settings*" OR uri="*/backend*") AND (uri="*../*" OR uri="*..\\*" OR uri="*%2e%2e*" OR request_body="*../*" OR request_body="*..\\*" OR request_body="*%2e%2e*")
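The same indicator as a detection routine, added here as an example (not from the original page or the project): it runs over constructed Apache combined-format log lines and flags traversal in the decoded path or in any decoded query value, including double-encoded and backslash variants. The endpoint path /oms/admin/delete_picture.php and every log line are constructed for the example; take the real endpoint name from your own installation.

```php
<?php
// Added detection example for this advisory, not code from the original
// page or from the project. It scans access-log lines in Apache/nginx
// "combined" format for request targets whose path or query values
// contain a traversal sequence once URL-decoded. The endpoint path and
// the log lines in sample_log() are constructed for the example.

declare(strict_types=1);

// Matches ".." as a path component: at the start or after a separator,
// followed by a separator or the end. Applied per decoded value, so a
// lone "../x" in a parameter is caught even though "=" precedes it in
// the raw query string.
const TRAVERSAL = '#(?:\A|[\\\\/])\.\.(?:[\\\\/]|\z)#';

// Splits a request target into the decoded path plus each decoded query
// value. Decoding twice defeats double encoding (%252e -> %2e -> .).
function decoded_components(string $target): array
{
    $url = parse_url($target);
    if ($url === false) {
        $url = ['path' => $target];
    }
    $parts = [rawurldecode(rawurldecode($url['path'] ?? ''))];
    foreach (explode('&', $url['query'] ?? '') as $pair) {
        if ($pair === '') {
            continue;
        }
        [, $value] = array_pad(explode('=', $pair, 2), 2, '');
        $parts[] = rawurldecode(rawurldecode($value));
    }
    return $parts;
}

// Returns the offending decoded component, or null for a clean request.
function traversal_in_log_line(string $line): ?string
{
    // The request line sits between the first pair of double quotes.
    if (!preg_match('/"([A-Z]+) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    foreach (decoded_components($m[2]) as $component) {
        if (preg_match(TRAVERSAL, $component)) {
            return $component;
        }
    }
    return null;
}

// Scans a whole log and returns [line number => offending component].
function scan_access_log(string $log): array
{
    $hits = [];
    foreach (explode("\n", $log) as $i => $line) {
        if ($line !== '' && ($bad = traversal_in_log_line($line)) !== null) {
            $hits[$i + 1] = $bad;
        }
    }
    return $hits;
}

// Constructed sample: a benign listing, four traversal attempts in
// different encodings, and one legitimate picture deletion.
function sample_log(): string
{
    return <<<'LOG'
203.0.113.7 - - [10/Apr/2024:12:00:01 +0000] "GET /oms/admin/?page=products HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2024:12:00:09 +0000] "GET /oms/admin/delete_picture.php?img=../../config.php HTTP/1.1" 200 21 "-" "curl/8.4.0"
203.0.113.7 - - [10/Apr/2024:12:00:12 +0000] "GET /oms/admin/delete_picture.php?img=%2e%2e%2f%2e%2e%2fconfig.php HTTP/1.1" 200 21 "-" "curl/8.4.0"
203.0.113.7 - - [10/Apr/2024:12:00:15 +0000] "GET /oms/admin/delete_picture.php?img=%252e%252e%252fconfig.php HTTP/1.1" 200 21 "-" "curl/8.4.0"
203.0.113.7 - - [10/Apr/2024:12:00:18 +0000] "GET /oms/admin/delete_picture.php?img=..%5C..%5Cweb.config HTTP/1.1" 200 21 "-" "curl/8.4.0"
198.51.100.4 - - [10/Apr/2024:12:05:40 +0000] "GET /oms/admin/delete_picture.php?img=pill.png HTTP/1.1" 200 21 "-" "Mozilla/5.0"
LOG;
}

if (PHP_SAPI === 'cli') {
    // Lines 2 to 5 are reported; lines 1 and 6 are clean.
    foreach (scan_access_log(sample_log()) as $lineNo => $component) {
        printf("line %d: traversal in %s\n", $lineNo, $component);
    }
}
```

Access logs carry only the request line, so this catches GET and query-string variants. For POST bodies, feed the same decoded_components() check with a ModSecurity audit log that records request bodies (SecAuditLogParts including C) or with application-level logging of the deletion parameter.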

🔗 References
