CVE-2024-39165
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to execute arbitrary PHP code on systems running vulnerable versions of Asial JpGraph Professional. The flaw is a PHP file upload vulnerability in the QR/demoapp/qr_image.php endpoint. All installations up to version 4.2.6-pro that still include the unnecessary QR/demoapp folder are affected.
💻 Affected Systems
- Asial JpGraph Professional
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary commands, install malware, exfiltrate data, or pivot to other systems.
Likely Case
Web server compromise leading to data theft, defacement, or use as part of a botnet.
If Mitigated
Limited impact if proper web application firewalls, file upload restrictions, and least privilege principles are implemented.
🎯 Exploit Status
Exploit requires sending a POST request with malicious PHP code in the data parameter and a .php filename parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.2.7-pro or later
Vendor Advisory: https://jpgraph.net/
Restart Required: No
Instructions:
1. Upgrade to JpGraph Professional 4.2.7-pro or later.
2. Remove the QR/demoapp folder from all installations.
3. Verify the folder is not present in production environments.
🔧 Temporary Workarounds
Remove vulnerable folder
Linux: Delete the QR/demoapp directory to eliminate the vulnerable endpoint
rm -rf /path/to/jpgraph/QR/demoapp
Block access to vulnerable endpoint
All platforms: Configure the web server to deny access to QR/demoapp/qr_image.php (Apache example; adjust the path to match where JpGraph is served)
<Location "/QR/demoapp/qr_image.php">
    # Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead
    Deny from all
</Location>
🧯 If You Can't Patch
- Implement strict web application firewall rules to block requests containing PHP code in POST parameters
- Restrict file upload functionality and validate all file names and content types
🔍 How to Verify
Check if Vulnerable:
Check if /QR/demoapp/qr_image.php exists in your JpGraph installation directory
Check Version:
Check JpGraph version in PHP code or configuration files
Verify Fix Applied:
Confirm QR/demoapp folder is removed and version is 4.2.7-pro or higher
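The three verification steps above (endpoint present, version string, fix applied) can be automated. The script below is an added example for this page and is not a JpGraph or vendor tool. It assumes the version is declared as define('JPG_VERSION', '...') in a jpgraph.php file under the install root (an assumption for this example; check your copy's actual version define) and builds a constructed sample install tree in a temporary directory so it runs offline.

```python
"""Check a JpGraph install tree for the CVE-2024-39165 demo endpoint and version.

Added example, not vendor code. Assumption: the version is declared in
jpgraph.php as define('JPG_VERSION', '4.2.6-pro') or similar. The sample
install trees below are constructed for demonstration.
"""
import os
import re
import tempfile

DEMO_ENDPOINT = os.path.join("QR", "demoapp", "qr_image.php")
FIXED_VERSION = (4, 2, 7)  # 4.2.7-pro or later per the advisory
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]JPG_VERSION['"]\s*,\s*['"]([^'"]+)['"]""", re.IGNORECASE
)


def parse_version(text):
    """'4.2.6-pro' -> (4, 2, 6); an edition suffix such as '-pro' is ignored."""
    core = text.split("-")[0]
    return tuple(int(part) for part in core.split("."))


def find_version(root):
    """Return the first JPG_VERSION string found in a jpgraph.php under root, or None."""
    for dirpath, _dirs, files in os.walk(root):
        if "jpgraph.php" in files:
            path = os.path.join(dirpath, "jpgraph.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                match = VERSION_RE.search(fh.read())
            if match:
                return match.group(1)
    return None


def check_install(root):
    """Summarise exposure for one install root.

    vulnerable      : demo endpoint present on a version below 4.2.7-pro
    folder_leftover : version is fixed but the demo folder was never removed
    action_needed   : anything that still requires an upgrade or a deletion
    """
    demo_present = os.path.isfile(os.path.join(root, DEMO_ENDPOINT))
    version = find_version(root)
    version_fixed = version is not None and parse_version(version) >= FIXED_VERSION
    return {
        "demoapp_present": demo_present,
        "version": version,
        "version_fixed": version_fixed,
        "vulnerable": demo_present and not version_fixed,
        "folder_leftover": demo_present and version_fixed,
        "action_needed": demo_present or not version_fixed,
    }


def make_sample_install(version, with_demoapp):
    """Constructed sample tree: a jpgraph.php with a version define, optionally the demo endpoint."""
    root = tempfile.mkdtemp(prefix="jpgraph_")
    with open(os.path.join(root, "jpgraph.php"), "w", encoding="utf-8") as fh:
        fh.write(f"<?php\ndefine('JPG_VERSION', '{version}');\n")
    if with_demoapp:
        os.makedirs(os.path.join(root, "QR", "demoapp"))
        with open(os.path.join(root, DEMO_ENDPOINT), "w", encoding="utf-8") as fh:
            fh.write("<?php // placeholder standing in for the demo file\n")
    return root


if __name__ == "__main__":
    for ver, demo in [("4.2.6-pro", True), ("4.2.7-pro", True), ("4.2.7-pro", False)]:
        print(ver, "demoapp" if demo else "no demoapp", check_install(make_sample_install(ver, demo)))
```

Run it against a real install by calling check_install("/path/to/jpgraph") instead of the constructed tree. A folder_leftover result matters as much as a vulnerable one: the advisory's step 3 exists because upgrading the library does not delete a demo folder that is already deployed.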
📡 Detection & Monitoring
Log Indicators:
- POST requests to /QR/demoapp/qr_image.php
- File upload attempts with .php extensions
- Unusual PHP execution patterns
Network Indicators:
- HTTP traffic to QR/demoapp endpoints
- POST requests with data parameter containing PHP code
SIEM Query:
source="web_logs" AND uri="/QR/demoapp/qr_image.php" AND method="POST"
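The log indicators and SIEM query above can be applied directly to access logs. The script below is an added example, not part of the advisory, and assumes the Apache/nginx combined log format; the log lines embedded in it are constructed. It goes slightly beyond the SIEM query by also flagging any request under /QR/demoapp/ and any query-string parameter whose value ends in .php, which corresponds to the "File upload attempts with .php extensions" indicator.

```python
"""Scan combined-format access logs for CVE-2024-39165 indicators.

Added example, not part of the advisory. Assumes the common/combined log
format; SAMPLE_LOG is constructed for demonstration.
"""
import re
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)
ENDPOINT = "/qr/demoapp/qr_image.php"   # compared case-insensitively
DEMO_PREFIX = "/qr/demoapp/"

# Constructed sample: one benign GET, one POST matching the SIEM query,
# one unrelated request, and one request naming a .php filename.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2024:10:01:02 +0000] "GET /QR/demoapp/qr_image.php?data=hello HTTP/1.1" 200 1234
203.0.113.8 - - [12/Jul/2024:10:01:05 +0000] "POST /QR/demoapp/qr_image.php HTTP/1.1" 200 210
198.51.100.3 - - [12/Jul/2024:10:01:09 +0000] "GET /index.php HTTP/1.1" 200 3000
203.0.113.8 - - [12/Jul/2024:10:01:11 +0000] "GET /QR/demoapp/qr_image.php?data=x&filename=evil.php HTTP/1.1" 200 210
"""


def classify(line):
    """Return the indicator names one log line triggers (empty list = nothing of interest)."""
    match = LOG_RE.match(line)
    if not match:
        return []
    parts = urlsplit(match.group("uri"))
    path = parts.path.lower()
    hits = []
    if path.startswith(DEMO_PREFIX):
        hits.append("demoapp_access")               # network indicator: any demoapp traffic
        if path == ENDPOINT and match.group("method") == "POST":
            hits.append("demoapp_post")             # the SIEM query above
        params = parse_qs(parts.query)
        if any(v.lower().endswith(".php") for vals in params.values() for v in vals):
            hits.append("php_filename_param")       # .php filename in a request parameter
    return hits


def scan(log_text):
    """Return one record per suspicious line: (ip, timestamp, method, indicators)."""
    findings = []
    for line in log_text.splitlines():
        hits = classify(line)
        if hits:
            m = LOG_RE.match(line)
            findings.append((m.group("ip"), m.group("ts"), m.group("method"), hits))
    return findings


if __name__ == "__main__":
    for ip, ts, method, hits in scan(SAMPLE_LOG):
        print(f"{ts} {ip} {method}: {', '.join(hits)}")
```

Access logs record only the request line, so the "data parameter containing PHP code" indicator is not visible here: a POST body is only inspectable at a WAF or reverse proxy that logs request bodies. Treat demoapp_post as the high-confidence signal and demoapp_access as the trigger to confirm the folder has been removed.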