CVE-2024-33350

9.8 CRITICAL

📋 TL;DR

A directory traversal vulnerability in TaoCMS v3.0.2 allows remote attackers to write arbitrary files via the include/model/file.php component. This can lead to remote code execution and sensitive information disclosure. All systems running TaoCMS v3.0.2 are affected.

💻 Affected Systems

Products:
  • TaoCMS
Versions: v3.0.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of TaoCMS v3.0.2.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Website defacement, data theft, and server takeover for cryptocurrency mining or botnet recruitment.

🟢

If Mitigated

Limited impact with proper file permissions and web application firewalls blocking traversal attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates arbitrary file writing, which can be chained for RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or applying workarounds.

🔧 Temporary Workarounds

Restrict File Upload Permissions

linux

Set strict permissions on include/model/file.php so the web server process cannot modify the vulnerable component itself. Note that this does not stop traversal writes landing elsewhere: the written file goes wherever the web server user has write access, so also ensure that user cannot write anywhere under the web root except designated upload directories.

chmod 644 include/model/file.php
chown root:root include/model/file.php

Web Application Firewall Rule

all

Block requests containing directory traversal sequences to the vulnerable endpoint. ModSecurity decodes ARGS once before matching; the urlDecodeUni transformation is added so double-encoded sequences (for example %252e%252e%252f) are also caught.

ModSecurity rule: SecRule ARGS "\.\./" "id:1001,phase:2,t:urlDecodeUni,deny,status:403,log,msg:'Directory Traversal Attempt'"

🧯 If You Can't Patch

  • Remove or disable the include/model/file.php component if not required.
  • Implement network segmentation to isolate the TaoCMS instance from critical systems.

🔍 How to Verify

Check if Vulnerable:

Check if the file include/model/file.php exists and review its code for improper path validation.

Check Version:

Check TaoCMS version in configuration files or admin panel.

Verify Fix Applied:

Test with a proof-of-concept payload to confirm file writes are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file writes in web server logs, especially to include/model/file.php with traversal sequences.

Network Indicators:

  • HTTP requests to include/model/file.php with parameters containing ../ sequences.

SIEM Query:

source="web_server" AND uri="*include/model/file.php*" AND (param="*../*" OR payload="*../*")
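Added detection example, not part of this advisory: a small Python scanner over constructed Apache combined-format access-log lines that flags requests to include/model/file.php whose target contains a traversal sequence after URL decoding, including double-encoded forms that a literal `*../*` match in the SIEM query above would miss. The log lines, IP addresses and parameter names are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:12:00:01 +0000] "GET /include/model/file.php?path=docs/readme.txt HTTP/1.1" 200 512
203.0.113.9 - - [10/May/2024:12:00:02 +0000] "POST /include/model/file.php?path=../../config.php HTTP/1.1" 200 88
203.0.113.9 - - [10/May/2024:12:00:03 +0000] "POST /include/model/file.php?path=..%2F..%2Fshell.php HTTP/1.1" 200 88
203.0.113.9 - - [10/May/2024:12:00:04 +0000] "POST /include/model/file.php?path=%252e%252e%252fx.php HTTP/1.1" 200 88
198.51.100.4 - - [10/May/2024:12:00:05 +0000] "GET /index.php?id=../../etc/passwd HTTP/1.1" 404 0
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Both slash styles, matched only after decoding.
TRAVERSAL_RE = re.compile(r'(\.\./|\.\.\\)')
VULN_ENDPOINT = "include/model/file.php"


def decode_fully(s, max_rounds=3):
    """URL-decode repeatedly so double-encoded sequences (%252e) are unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_traversal_hit(target):
    """True if the request targets the vulnerable endpoint with a traversal sequence."""
    if VULN_ENDPOINT not in target.lower():
        return False
    return TRAVERSAL_RE.search(decode_fully(target)) is not None


def scan_log(text):
    """Return (ip, method, status, decoded_target) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_hit(m["target"]):
            hits.append((m["ip"], m["method"], m["status"], decode_fully(m["target"])))
    return hits


if __name__ == "__main__":
    for ip, method, status, target in scan_log(SAMPLE_LOG):
        print(f"{ip} {method} {status} {target}")
```

A 200 status on a flagged request is the line to escalate, since the sample line 5 shows the same payload against an unrelated endpoint is out of scope for this rule but still worth a separate generic traversal alert.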
