CVE-2024-40071

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to upload arbitrary PHP files to Sourcecodester Online ID Generator System 1.0, leading to remote code execution. Because the uploaded PHP files run on the server, attackers can take full control of affected systems. All installations of version 1.0 are vulnerable.

💻 Affected Systems

Products:
  • Sourcecodester Online ID Generator System
Versions: 1.0
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining full administrative access, data theft, ransomware deployment, and use as pivot point for network attacks.

🟠 Likely Case: Webshell installation leading to data exfiltration, credential harvesting, and lateral movement within the network.

🟢 If Mitigated: File upload attempts blocked at web application firewall level with no successful exploitation.

🌐 Internet-Facing: HIGH - Directly exploitable via web interface without authentication.
🏢 Internal Only: MEDIUM - Still exploitable but requires internal network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public proof-of-concept is available on GitHub. Exploitation requires only a simple HTTP POST request carrying a crafted PHP file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider removing the system or implementing workarounds.

🔧 Temporary Workarounds

File Upload Restriction (Platform: all)

Implement strict file upload validation in id_generator/classes/SystemSettings.php

Add file extension validation and MIME type checking before accepting uploads

Web Application Firewall Rules (Platform: all)

Block requests to the vulnerable endpoint or filter PHP file uploads

Configure WAF to block: POST requests to */classes/SystemSettings.php?f=update_settings with file uploads

🧯 If You Can't Patch

  • Remove or disable the vulnerable endpoint id_generator/classes/SystemSettings.php
  • Implement network segmentation to isolate the system from critical assets

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a PHP file via POST to /id_generator/classes/SystemSettings.php?f=update_settings

Check Version:

Check system version in admin panel or readme files

Verify Fix Applied:

Verify file upload validation rejects PHP files and only accepts allowed image formats

📡 Detection & Monitoring

Log Indicators:

  • POST requests to SystemSettings.php with file uploads
  • Unusual file creation in upload directories
  • .php files in image upload directories

Network Indicators:

  • HTTP POST to vulnerable endpoint with multipart/form-data
  • Unexpected outbound connections from web server

SIEM Query:

web.url:*SystemSettings.php* AND http.method:POST AND http.content_type:multipart/form-data
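
The log and file indicators above, turned into a small triage script. This is an added example, not part of the advisory or the vendor's code; it assumes Apache/nginx combined-format access logs, and the extension list, the sample lines and the upload directory passed to `php_in_upload_dir` are assumptions to adjust for your deployment.

```python
import re
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumption: extensions your server may hand to PHP; adjust to your config.
PHP_EXTS = {".php", ".phtml", ".phar", ".pht", ".php5", ".php7"}

# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jul/2024:10:01:02 +0000] "POST /id_generator/classes/'
    'SystemSettings.php?f=update_settings HTTP/1.1" 200 1 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Jul/2024:10:02:00 +0000] "GET /id_generator/classes/'
    'SystemSettings.php?f=update_settings HTTP/1.1" 200 1 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Jul/2024:10:03:00 +0000] "POST /contact.php '
    'HTTP/1.1" 200 20 "-" "Mozilla/5.0"',
]


def suspicious_posts(lines):
    """Return (ip, timestamp, status) for POSTs to SystemSettings.php?f=update_settings."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/classes/systemsettings.php"):
            continue
        if "update_settings" in parse_qs(url.query).get("f", []):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits


def php_in_upload_dir(root):
    """Return files under root with a PHP extension anywhere in the name or a PHP open tag."""
    found = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        head = p.read_bytes()[:4096].lower()
        if any(s.lower() in PHP_EXTS for s in p.suffixes) or b"<?php" in head:
            found.append(str(p.relative_to(root)))
    return found
```

Legitimate settings changes also POST to this endpoint, so treat log hits as leads and correlate them with the file findings.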
