CVE-2024-46089

6.3 MEDIUM

📋 TL;DR

CVE-2024-46089 is a remote code execution vulnerability in the 74cms background interface apiadmin that allows attackers to execute arbitrary code on affected systems. It affects 74cms versions up to and including 3.33 and can compromise the entire web application server.

💻 Affected Systems

Products:
  • 74cms
Versions: <= 3.33
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to the background interface apiadmin, which may require authentication depending on configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server takeover with attacker gaining full control over the web server, data exfiltration, installation of persistent backdoors, and lateral movement to other systems.

🟠 Likely Case

Webshell deployment leading to data theft, defacement, or use as part of a botnet for further attacks.

🟢 If Mitigated

Limited impact if proper network segmentation and least privilege access controls are implemented, potentially containing the breach to the web server only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details and proof-of-concept code are publicly available in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 3.33

Vendor Advisory: Not specified in provided references

Restart Required: No

Instructions:

1. Upgrade 74cms to a version newer than 3.33.
2. Apply any available security patches from the vendor.
3. Verify the fix by testing the vulnerable endpoint.

🔧 Temporary Workarounds

Restrict access to apiadmin interface

Platform: linux

Block or restrict access to the vulnerable background interface using firewall rules or web server configuration.

# Drops plaintext HTTP packets that contain "apiadmin" (needs the xt_string kernel module). This is crude: it matches the string anywhere in a packet, blocks legitimate administrators as well, and only catches the packet that carries the string.
iptables -A INPUT -p tcp --dport 80 -m string --string "apiadmin" --algo bm -j DROP
# A string match cannot see inside TLS, so the same rule on port 443 does nothing useful; restrict the apiadmin path for HTTPS in the web server configuration instead (for example, an allow-list of administrator source addresses on that location).

Implement web application firewall rules

Platform: all

Add WAF rules to block malicious requests targeting the apiadmin interface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the vulnerable system
  • Apply principle of least privilege and disable unnecessary background interfaces

🔍 How to Verify

Check if Vulnerable:

Check if 74cms version is <= 3.33 and test the apiadmin interface for RCE vulnerability using safe testing methods.

Check Version:

Check 74cms configuration files or admin panel for version information

Verify Fix Applied:

Verify version is > 3.33 and test that the apiadmin interface no longer accepts malicious payloads that could lead to RCE.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to apiadmin endpoints
  • Suspicious file uploads or system command execution in logs
  • Unexpected process creation from web server user

Network Indicators:

  • Unusual outbound connections from web server
  • Traffic patterns indicating data exfiltration
  • Requests containing suspicious payloads to apiadmin

SIEM Query:

source="web_server" AND (uri="*apiadmin*" AND (method="POST" OR method="PUT") AND (payload="*system(*" OR payload="*exec(*" OR payload="*shell_exec(*"))
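The SIEM query above turned into runnable detection logic over constructed log lines, added here as an example (not part of the advisory or of 74cms). It assumes a reverse proxy or WAF that writes request bodies as JSON lines (stock access logs omit bodies), uses placeholder apiadmin paths and source addresses, URL-decodes before matching so that encoded payloads the literal `*system(*` pattern would miss are still caught, and goes beyond the query by also listing passthru, popen and proc_open.

```python
import json
import re
from urllib.parse import unquote_plus

# Constructed sample records (not real 74cms logs): JSON lines as a reverse proxy or WAF
# would emit when configured to log request bodies for admin paths (an assumption; stock
# access logs omit bodies). The apiadmin paths and source addresses are placeholders.
SAMPLE_LOGS = [
    '{"src":"203.0.113.7","method":"POST","uri":"/apiadmin/index","body":"cmd=system%28%24x%29"}',
    '{"src":"198.51.100.4","method":"GET","uri":"/apiadmin/index","body":""}',
    '{"src":"192.0.2.9","method":"POST","uri":"/jobs/list","body":"q=shell_exec%28"}',
    '{"src":"203.0.113.7","method":"PUT","uri":"/apiadmin/index?x=exec%2528","body":""}',
    '{"src":"198.51.100.4","method":"POST","uri":"/apiadmin/index","body":"title=Systems%20Engineer"}',
    'garbage line that is not JSON',
]

# PHP command-execution functions: the advisory's query names the first three, the rest are added here.
SUSPICIOUS_CALLS = re.compile(r"\b(system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.IGNORECASE)

def decode(value: str, rounds: int = 2) -> str:
    """URL-decode repeatedly so single- (%28) and double-encoded (%2528) payloads both become '('."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def is_suspicious(record: dict) -> bool:
    """Apply the advisory's SIEM logic to one record, matching on the decoded URI and body."""
    if "apiadmin" not in record.get("uri", "").lower():
        return False
    if record.get("method", "").upper() not in ("POST", "PUT"):
        return False
    payload = decode(record.get("uri", "")) + " " + decode(record.get("body", ""))
    return SUSPICIOUS_CALLS.search(payload) is not None

def scan(lines):
    """Return the records worth alerting on; malformed lines are skipped rather than aborting the scan."""
    hits = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if is_suspicious(record):
            hits.append(record)
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"ALERT src={hit['src']} {hit['method']} {hit['uri']}")
```

Only the first and fourth sample records should fire; the "Systems Engineer" body shows that requiring the opening parenthesis keeps ordinary job-board content from matching.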

🔗 References
