CVE-2024-45186
📋 TL;DR
FileSender versions before 2.49 contain a server-side template injection (SSTI) vulnerability that allows attackers to execute arbitrary code on the server. This can lead to credential theft and full system compromise. All FileSender instances running vulnerable versions are affected.
💻 Affected Systems
- FileSender
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to credential theft, data exfiltration, and potential lateral movement within the network.
Likely Case
Attackers gain administrative access to the FileSender instance and steal user credentials and uploaded files.
If Mitigated
Limited impact if proper network segmentation and access controls prevent lateral movement after initial compromise.
🎯 Exploit Status
SSTI vulnerabilities typically have low exploitation complexity once the injection point is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.49
Vendor Advisory: https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/
Restart Required: Yes
Instructions:
1. Back up your FileSender installation and database.
2. Download FileSender 2.49 or later from the official website.
3. Replace the existing installation with the new version.
4. Restart your web server.
5. Verify the update was successful.
🔧 Temporary Workarounds
Disable vulnerable endpoints
Temporarily disable the specific endpoints vulnerable to SSTI until patching can be completed.
# Requires web server configuration changes specific to your setup
🧯 If You Can't Patch
- Implement strict network segmentation to isolate FileSender from other critical systems
- Deploy a web application firewall (WAF) with SSTI protection rules
🔍 How to Verify
Check if Vulnerable:
Check the FileSender version in the admin interface or by examining the source code files
Check Version:
grep -r 'FILESENDER_VERSION' /path/to/filesender/installation/
Verify Fix Applied:
Verify the version number shows 2.49 or higher in the admin interface
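The version check described above, written out as an added example (not code from the advisory or the FileSender project). It assumes the version constant is declared in a PHP file as define('FILESENDER_VERSION', '...') and that 2.49 is the first fixed release, as stated above; the sample installation it creates is constructed.

```shell
#!/bin/sh
# Added example: read the FILESENDER_VERSION constant from an installation and
# report whether it predates the 2.49 fix for CVE-2024-45186.
# Assumption (not from the advisory): the constant is declared in a PHP file as
#   define('FILESENDER_VERSION', '2.48');

FIXED_VERSION="2.49"

# Print the first FILESENDER_VERSION value found under directory $1 (empty if none).
filesender_version() {
    grep -rhoE "FILESENDER_VERSION'[[:space:]]*,[[:space:]]*'[^']+'" "$1" 2>/dev/null \
        | head -n 1 | sed -E "s/.*'([^']+)'$/\1/"
}

# Succeed when dotted version $1 is lower than $2 (2.48 < 2.49, 2.50 > 2.49).
# Components are compared as integers, so 2.5 sorts before 2.49, as intended here.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            ai = (i <= na) ? x[i] + 0 : 0
            bi = (i <= nb) ? y[i] + 0 : 0
            if (ai < bi) exit 0
            if (ai > bi) exit 1
        }
        exit 1
    }'
}

# Print "VULNERABLE <ver>", "PATCHED <ver>" or "UNKNOWN" for the installation in $1.
# Exit status: 1 vulnerable, 0 patched, 2 no version constant found.
check_install() {
    ver=$(filesender_version "$1")
    if [ -z "$ver" ]; then echo "UNKNOWN"; return 2; fi
    if version_lt "$ver" "$FIXED_VERSION"; then echo "VULNERABLE $ver"; return 1; fi
    echo "PATCHED $ver"
}

# With a path argument, check that installation; otherwise demonstrate on a
# constructed directory holding a pre-fix version string.
if [ -n "$1" ]; then
    check_install "$1" || :
else
    demo=$(mktemp -d)
    printf "<?php\ndefine('FILESENDER_VERSION', '2.48');\n" > "$demo/init.php"
    check_install "$demo" || :
    rm -r "$demo"
fi
```

A version string that the grep cannot find (for example, a customised build) yields UNKNOWN, so fall back to the admin interface in that case rather than assuming the host is patched.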
📡 Detection & Monitoring
Log Indicators:
- Unusual template rendering errors
- Suspicious file access patterns
- Unexpected system commands in logs
Network Indicators:
- Unusual outbound connections from the FileSender server
- Large data transfers to unknown destinations
SIEM Query:
source="filesender.log" AND ("template" OR "render" OR "eval") AND error