CVE-2024-41454

6.5 MEDIUM

📋 TL;DR

This vulnerability allows attackers to upload malicious PHP or HTML files through the login page logo upload function in Process Maker's pm4core-docker. Successful exploitation enables remote code execution on affected systems. Organizations using Process Maker pm4core-docker version 4.1.21-RC7 are at risk.

💻 Affected Systems

Products:
  • Process Maker pm4core-docker
Versions: 4.1.21-RC7
Operating Systems: Any OS running Docker
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the UI login page logo upload function specifically. Other Process Maker versions may not be affected.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Webshell deployment enabling data exfiltration, lateral movement, or service disruption.

🟢 If Mitigated: Unauthorized file upload prevented, maintaining system integrity with no code execution.

🌐 Internet-Facing: HIGH - The vulnerability affects the login page which is typically internet-facing, allowing remote attackers to exploit it without authentication.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the vulnerable interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub reference suggests proof-of-concept code exists. Attackers can upload malicious files without authentication via the login page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check Process Maker's official channels for updates. Consider upgrading to a newer stable release if available.

🔧 Temporary Workarounds

Disable logo upload functionality (applies to: all)

Remove or disable the logo upload feature in the login page UI to prevent file uploads.

  • Modify UI configuration to remove upload elements
  • Disable file upload endpoints in web server configuration

Implement file type validation (applies to: all)

Add server-side validation to only allow specific image file types (JPG, PNG, GIF) and reject PHP/HTML files.

  • Implement file extension whitelisting in upload handler
  • Add MIME type verification
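The file type validation workaround above, as an added illustration that is not ProcessMaker's own code: the upload handler accepts only a single allowlisted image extension, verifies the content's magic bytes against that type (a server-side MIME check, rather than trusting the client's Content-Type), and stores the file under a server-generated name. The `ALLOWED_TYPES` table and the sample payloads are constructed for this example.

```python
import os
import secrets
from typing import Optional

# Allowlist of image types the logo upload may accept (constructed for this example):
# extension -> (canonical MIME type, magic-byte prefixes the content must start with)
ALLOWED_TYPES = {
    "jpg":  ("image/jpeg", (b"\xff\xd8\xff",)),
    "jpeg": ("image/jpeg", (b"\xff\xd8\xff",)),
    "png":  ("image/png",  (b"\x89PNG\r\n\x1a\n",)),
    "gif":  ("image/gif",  (b"GIF87a", b"GIF89a")),
}


class UploadRejected(ValueError):
    """Raised when an upload fails server-side validation."""


def validate_logo_upload(filename: str, data: bytes, declared_mime: Optional[str] = None) -> str:
    """Validate an uploaded logo and return a server-generated storage name.

    Rejects non-allowlisted or multiple extensions, content whose magic bytes do
    not match the extension, and a client-declared Content-Type that contradicts
    it. The stored name is random, so the client's filename never reaches disk.
    """
    stem, _, ext = os.path.basename(filename).lower().rpartition(".")
    if not stem or "." in stem:
        # No extension, or more than one: refuse rather than guess which one applies.
        raise UploadRejected("filename must have exactly one extension")
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} is not an allowed image type")
    mime, magics = ALLOWED_TYPES[ext]
    if declared_mime is not None and declared_mime.split(";")[0].strip() != mime:
        raise UploadRejected("declared Content-Type does not match extension")
    if not any(data.startswith(m) for m in magics):
        # Extension claims an image but the bytes do not: e.g. a script renamed to .png.
        raise UploadRejected("file content does not match its extension")
    return f"logo_{secrets.token_hex(8)}.{ext}"


def is_accepted(filename: str, data: bytes, declared_mime: Optional[str] = None) -> bool:
    """Convenience wrapper: True if the upload passes validation."""
    try:
        validate_logo_upload(filename, data, declared_mime)
        return True
    except UploadRejected:
        return False


# Constructed sample payloads: a minimal PNG header and a PHP stub that is not an image.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_PHP = b"<?php echo 'not an image'; ?>"
```

Storing accepted files outside the web root, or in a directory where the web server has script execution disabled, is a second layer that holds even if a validation check is bypassed.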

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block file uploads containing PHP/HTML extensions
  • Restrict network access to the Process Maker interface using firewall rules or network segmentation

🔍 How to Verify

Check if Vulnerable:

Check if running Process Maker pm4core-docker version 4.1.21-RC7 and test if PHP/HTML files can be uploaded via the login page logo upload function.

Check Version:

docker ps | grep processmaker && docker exec [container_name] cat /opt/processmaker/version.txt

Verify Fix Applied:

Attempt to upload a PHP or HTML file through the logo upload function - it should be rejected with proper validation.

📡 Detection & Monitoring

Log Indicators:

  • File upload attempts with PHP/HTML extensions in web server logs
  • Unusual file creation in upload directories
  • Webshell access patterns

Network Indicators:

  • POST requests to upload endpoints with PHP/HTML content
  • Unusual outbound connections from the Process Maker server

SIEM Query:

source="web_server.log" AND (uri="*upload*" OR uri="*logo*") AND (extension=".php" OR extension=".html")
