CVE-2024-4500
📋 TL;DR
This critical vulnerability in SourceCodester Prison Management System 1.0 allows attackers to upload arbitrary files via the /Employee/edit-photo.php endpoint. The unrestricted file upload can lead to remote code execution, compromising the entire system. Organizations using this prison management software are affected.
💻 Affected Systems
- SourceCodester Prison Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with attacker gaining complete control over the prison management system, accessing sensitive prisoner data, modifying records, and potentially using the system as a foothold for further network attacks.
Likely Case
Webshell deployment leading to data theft, system manipulation, and potential ransomware deployment affecting prison operations and sensitive data.
If Mitigated
Limited impact with proper file upload validation and web application firewall rules blocking malicious upload attempts.
🎯 Exploit Status
Exploit details are publicly available on GitHub. Attack requires access to the Employee photo upload functionality.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Consider implementing workarounds or replacing the software.
🔧 Temporary Workarounds
Web Application Firewall Rule
Block access to the /Employee/edit-photo.php endpoint
# Example for Apache: RewriteRule ^/Employee/edit-photo\.php$ - [F,L]
# Example for Nginx: location ~ ^/Employee/edit-photo\.php$ { deny all; }
File Upload Validation
Implement server-side file type validation and restrict uploads to specific directories
# Implement PHP validation: check file extension, MIME type, and content
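The validation described above, written out as an added example (not code from the Prison Management System itself): it checks the extension against an allowlist, derives the MIME type from the file bytes rather than the client header, and confirms the content parses as an image before storing it under a server-generated name. The form field name "photo" and the upload directory path are assumptions.

```php
<?php
// Added example, not the project's code. Hardened handler for a profile-photo
// upload such as /Employee/edit-photo.php. Assumes the form field is "photo" and
// that $uploadDir is served with PHP execution disabled (both are assumptions).
declare(strict_types=1);

function validate_photo_upload(array $file, string $uploadDir): string
{
    // 1. Only accept a clean HTTP upload; is_uploaded_file() rejects spoofed paths.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or not an uploaded file');
    }
    if ($file['size'] > 2 * 1024 * 1024) {
        throw new RuntimeException('File too large');
    }

    // 2. Extension allowlist. The client name is used only for this comparison,
    //    never to build the stored filename.
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }

    // 3. MIME type from the bytes on disk, not from $file['type'], which the
    //    client controls.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== $allowed[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }

    // 4. Content check: the file must actually parse as an image of that type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $allowed[$ext]) {
        throw new RuntimeException('Not a valid image');
    }

    // 5. Store under a random server-chosen name with the validated extension;
    //    no part of the client-supplied name or path reaches the filesystem.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0644);
    return $dest;
}

// Usage in the upload handler (paths assumed):
// $stored = validate_photo_upload($_FILES['photo'], __DIR__ . '/../uploads/photos');
```

Even with these checks, the upload directory should not allow PHP execution, so that a file which slips through cannot be run.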
🧯 If You Can't Patch
- Isolate the Prison Management System from other network segments
- Implement strict access controls and monitor all file upload activities
🔍 How to Verify
Check if Vulnerable:
Attempt to upload a file with a non-image extension (e.g., .php) to the /Employee/edit-photo.php endpoint and check whether it is accepted
Check Version:
Check application version in admin panel or configuration files
Verify Fix Applied:
Test that file upload validation now properly restricts file types and extensions
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /Employee/edit-photo.php
- Uploads of non-image file types
- Multiple failed upload attempts
Network Indicators:
- POST requests to /Employee/edit-photo.php with suspicious file names
- Traffic patterns indicating webshell communication
SIEM Query:
source="web_server" AND (uri="/Employee/edit-photo.php" AND (file_extension="php" OR file_extension="jsp" OR file_extension="asp"))
🔗 References
- https://github.com/yylmm/CVE/blob/main/Prison%20Management%20System/file_upload.md
- https://vuldb.com/?ctiid.263104
- https://vuldb.com/?id.263104
- https://vuldb.com/?submit.329639