CVE-2024-33752

6.3 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to upload arbitrary files to emlog Pro installations, potentially leading to remote code execution. Attackers can exploit this by submitting specially crafted requests to the admin/views/plugin.php endpoint. All users running affected versions of emlog Pro are vulnerable.

💻 Affected Systems

Products:
  • emlog Pro
Versions: 2.3.0 and 2.3.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the admin interface, which may require authentication depending on configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through remote code execution, allowing attackers to install backdoors, steal data, or pivot to other systems.

🟠 Likely Case

Webshell deployment leading to website defacement, data theft, or use as part of a botnet.

🟢 If Mitigated

File upload blocked or contained, preventing code execution but potentially allowing denial of service through disk space consumption.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication in default configurations.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but external exposure presents greater risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates file upload leading to remote code execution. Exploitation requires knowledge of the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict access to admin interface

Platforms: all

Limit access to the admin/views/plugin.php endpoint using web server configuration or firewall rules.

# Apache:
<Location /admin/views/plugin.php>
    Require all denied
</Location>

# Nginx:
location /admin/views/plugin.php {
    deny all;
}

Implement file upload validation

Platforms: all

Add server-side validation to restrict uploaded file types to safe extensions only.

🧯 If You Can't Patch

  • Disable the plugin upload functionality entirely if not needed.
  • Implement a Web Application Firewall (WAF) with file upload protection rules.

🔍 How to Verify

Check if Vulnerable:

Check if running emlog Pro version 2.3.0 or 2.3.2 and if the admin/views/plugin.php endpoint is accessible.

Check Version:

Check emlog Pro version in admin panel or look for version information in source files.

Verify Fix Applied:

Attempt to upload a test file with a dangerous extension to the vulnerable endpoint; a successful upload indicates the system is still vulnerable.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to admin/views/plugin.php
  • POST requests with file uploads containing executable extensions (.php, .jsp, .asp)

Network Indicators:

  • HTTP POST requests to /admin/views/plugin.php with file upload content
  • Subsequent requests to uploaded malicious files

SIEM Query:

source="web_logs" AND (uri="/admin/views/plugin.php" AND method="POST" AND content_type="multipart/form-data")
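
Added example (not part of the original advisory or emlog's code): the log and network indicators above applied to web server access logs in combined log format, which records no Content-Type, so the match is on method and normalised path. The 30-minute window, the first-seen heuristic and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

ENDPOINT = "/admin/views/plugin.php"   # endpoint named in this advisory
WINDOW = timedelta(minutes=30)         # assumed correlation window
EXEC_EXT = (".php", ".jsp", ".asp")    # extensions listed under Log Indicators
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def norm_path(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def parse(line):
    m = LINE.match(line)
    if not m:
        return None                    # not a combined-format request line
    ip, ts, method, target, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, norm_path(target), int(status)

def detect(lines):
    """Return (uploads, followups): POSTs to ENDPOINT, and first-seen script
    paths fetched by the same client within WINDOW of such a POST."""
    seen, last_upload, uploads, followups = set(), {}, [], []
    for rec in filter(None, map(parse, lines)):
        ip, when, method, path, status = rec
        if method == "POST" and path == ENDPOINT:
            uploads.append((ip, when, status))
            last_upload[ip] = when
        elif path.endswith(EXEC_EXT) and path not in seen:
            start = last_upload.get(ip)
            if start and when - start <= WINDOW and status < 400:
                followups.append((ip, when, path))
        seen.add(path)                 # paths served before an upload are baseline
    return uploads, followups

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE = [
    '198.51.100.7 - - [02/May/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [02/May/2024:10:04:10 +0000] "POST /admin//views/Plugin.php?x=1 HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.9 - - [02/May/2024:10:04:15 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.9 - - [02/May/2024:10:04:31 +0000] "GET /uploads-example/new.php HTTP/1.1" 200 17 "-" "-"',
    '198.51.100.7 - - [02/May/2024:10:05:00 +0000] "GET /admin/views/plugin.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

Lowercasing the path trades a few false positives on case-sensitive file systems for coverage on case-insensitive ones; feed the function logs in chronological order so the baseline of already-seen paths is built before any upload.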
