CVE-2024-46101

9.8 CRITICAL

📋 TL;DR

GDidees CMS v3.9.1 and earlier contains an unrestricted file upload vulnerability that allows attackers to upload malicious files, including webshells, to the server. This affects all websites running vulnerable versions of GDidees CMS, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • GDidees CMS
Versions: <= v3.9.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with file upload functionality enabled are vulnerable

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full server takeover, data exfiltration, and lateral movement within the network

🟠 Likely Case: Webshell deployment allowing persistent backdoor access, file manipulation, and credential theft

🟢 If Mitigated: Limited impact with proper file upload restrictions and web application firewalls in place

🌐 Internet-Facing: HIGH - Directly exploitable from the internet without authentication
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or through compromised internal systems

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP POST requests with malicious file uploads can exploit this vulnerability

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.9.2 or later

Vendor Advisory: https://github.com/N0zoM1z0/MY-CVE/blob/main/CVE-2024-46101.md

Restart Required: No

Instructions:

1. Download latest version from official GDidees CMS repository
2. Backup current installation
3. Replace all files with patched version
4. Verify file upload functionality is properly restricted

🔧 Temporary Workarounds

File Upload Restriction

Implement strict file type validation and extension filtering in the upload handler (allowlist the types the site actually needs), and make sure the web server never executes anything stored in the upload directory:

# Add to the .htaccess of the upload directory (needs AllowOverride Limit)
# or to the matching <Directory> block in the web server config
<FilesMatch "\.(php|phtml|php3|php4|php5|phps|phar|inc|pl|py|jsp|asp|aspx|sh|bash|cmd|bat)$">
    # Apache 2.2 syntax (works on 2.4 only with mod_access_compat)
    Order Allow,Deny
    Deny from all
    # On Apache 2.4 replace the two lines above with: Require all denied
</FilesMatch>
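The web server rule above is a denylist applied after the file already sits on disk; the validation the workaround asks for belongs in the upload handler and should be an allowlist. The following Python is an added example and not GDidees CMS code (the CMS itself is PHP): it assumes a handler that receives the client-supplied filename and the raw bytes, and the set of allowed types and their magic numbers are an illustrative choice.

```python
"""Allowlist-based upload validation (added example, generic Python; not
GDidees CMS code). Assumes the upload handler hands over the client-supplied
filename and the file bytes; the allowed types are an illustrative choice."""
import os
import secrets

# Only the types the application genuinely needs. Everything else is
# rejected, so new script extensions never need a denylist entry.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Leading bytes each allowed type must start with: the content has to agree
# with the extension, so "image.jpg" containing PHP source is rejected.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}


class UploadRejected(ValueError):
    """Raised with a reason string when an upload fails validation."""


def validate_upload(client_filename: str, data: bytes) -> str:
    """Validate one upload and return the name to store it under.

    The stored name is a random token plus the validated extension, never the
    client's name, so path separators and case tricks in the original name
    cannot reach the filesystem.
    """
    # Drop any directory part the client sent (Windows or POSIX separators).
    base = os.path.basename(client_filename.replace("\\", "/")).strip()
    if not base or any(ord(c) < 32 for c in base):
        raise UploadRejected("invalid filename")
    stem, sep, ext = base.rpartition(".")
    if not sep or not stem:          # "noext" and ".htaccess" both end here
        raise UploadRejected("missing extension")
    if "." in stem:                  # "shell.php.jpg": exactly one extension
        raise UploadRejected("multiple extensions not allowed")
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: .{ext}")
    if not data.startswith(MAGIC[ext]):   # startswith accepts a tuple
        raise UploadRejected(f"content does not look like a .{ext} file")
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(client_filename: str, data: bytes) -> bool:
    """True if validate_upload would accept the file, False otherwise."""
    try:
        validate_upload(client_filename, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    # Constructed samples: a JPEG header, a PHP tag under a script extension,
    # a PNG header under a double extension, PHP source under an image
    # extension, and a traversal prefix on an otherwise valid PNG.
    samples = [
        ("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
        ("shell.php", b"<?php echo 1; ?>"),
        ("image.php.jpg", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("image.jpg", b"<?php echo 1; ?>"),
        ("../../config.png", b"\x89PNG\r\n\x1a\n"),
    ]
    for name, blob in samples:
        verdict = "accepted" if is_accepted(name, blob) else "rejected"
        print(f"{name!r:22} -> {verdict}")
```

The random server-side name is what makes the double-extension and traversal cases moot even if a check is missed, and the magic-number check is what stops a script saved under an image extension; the web server rule above remains the backstop for anything that still lands on disk.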

Web Application Firewall

Deploy WAF rules to block malicious file uploads

# Example ModSecurity rule (requires SecRequestBodyAccess On so multipart bodies
# are parsed). FILES holds the client-supplied filenames of the uploaded parts;
# FILES_TMPNAMES holds the server's temporary file names and would never match.
SecRule FILES "@rx \.(php|phtml|php3|php4|php5|phps|phar|inc|pl|py|jsp|asp|aspx|sh|bash|cmd|bat)$" \
    "id:1001,phase:2,t:none,t:lowercase,deny,status:403,log,msg:'Malicious file upload attempt'"
# Cloudflare WAF: an equivalent custom rule can block file uploads with dangerous extensions

🧯 If You Can't Patch

  • Disable all file upload functionality in GDidees CMS
  • Implement network segmentation to isolate GDidees CMS server from critical systems

🔍 How to Verify

Check if Vulnerable:

Check the GDidees CMS version in the admin panel or by examining the version files. Then attempt to upload a harmless text file with a dangerous extension (e.g., test.php); if it is accepted without validation, the system is vulnerable.

Check Version:

# Check version in admin panel or look for version.txt file
cat /path/to/gdidees/version.txt

Verify Fix Applied:

After patching, attempt to upload the same dangerous file types; they should be rejected with a clear error message.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with dangerous extensions
  • Multiple failed upload attempts followed by successful upload
  • POST requests to upload endpoints with suspicious filenames

Network Indicators:

  • HTTP POST requests to /upload or similar endpoints with executable file content
  • Subsequent connections to uploaded malicious files

SIEM Query:

source="web_server" (method="POST" AND uri="*upload*" AND (filename="*.php" OR filename="*.jsp" OR filename="*.asp" OR filename="*.sh"))
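The SIEM query above only fires when the SIEM already knows the uploaded filename. Plain access logs do not carry it, but they do carry the two network indicators listed above: a POST to the upload endpoint and a later request for the uploaded file. The following Python is an added example, not part of the original advisory: it parses combined-format access log lines and raises an alert for any request to a script-like file under the upload directory, and a second, stronger alert when that request follows a successful upload POST from the same client within ten minutes. The endpoint and directory paths (`/admin/upload.php`, `/upload/`) and the log lines are constructed assumptions; set them to the real paths of the deployment.

```python
"""Upload-then-execute detection over web server access logs.

Added example, not from the original advisory. Assumes Apache/nginx
"combined" log format; the upload endpoint (/admin/upload.php) and the
directory that stores uploads (/upload/) are assumptions for GDidees CMS."""
import re
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Where uploads are stored (assumed). A script-like name here is suspicious
# on its own: a CMS never stores user uploads as executable code.
UPLOAD_DIR_PREFIXES = ("/upload/",)
# Server-side extensions, also matched mid-name so "a.php.jpg" is caught.
SCRIPT_EXT_RE = re.compile(
    r"\.(php\d?|phtml|phps|phar|jsp|aspx?|sh|pl|py|cgi)(?:\.|$)", re.I
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], TS_FORMAT)
    e["status"] = int(e["status"])
    e["path"] = e["path"].split("?", 1)[0]   # drop the query string
    return e


def detect(lines, window=timedelta(minutes=10)):
    """Scan log lines and return alert dicts in timestamp order.

    rule "script_under_uploads": any request for a script-like file under the
    upload directory (the "subsequent connection to the uploaded file").
    rule "upload_then_execute": the same, preceded within `window` by a
    successful POST to an upload endpoint from the same client address.
    """
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    recent_uploads = {}   # client ip -> [(timestamp, endpoint path), ...]
    alerts = []
    for e in events:
        path = e["path"]
        in_upload_dir = path.lower().startswith(UPLOAD_DIR_PREFIXES)
        if in_upload_dir and SCRIPT_EXT_RE.search(path):
            alerts.append({"rule": "script_under_uploads", "ip": e["ip"],
                           "path": path, "ts": e["ts"]})
            for ts, endpoint in recent_uploads.get(e["ip"], []):
                if timedelta(0) <= e["ts"] - ts <= window:
                    alerts.append({"rule": "upload_then_execute", "ip": e["ip"],
                                   "upload": endpoint, "path": path, "ts": e["ts"]})
                    break
        elif e["method"] == "POST" and "upload" in path.lower() and e["status"] < 400:
            recent_uploads.setdefault(e["ip"], []).append((e["ts"], path))
    return alerts


# Constructed sample log: one client uploads and then fetches a .php file from
# the upload directory; another uploads a picture and fetches it; a third
# address later fetches the same .php file with no upload of its own.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2024:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Sep/2024:12:00:09 +0000] "POST /admin/upload.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Sep/2024:12:00:15 +0000] "GET /upload/img_0421.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Sep/2024:12:05:30 +0000] "POST /admin/upload.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Sep/2024:12:05:35 +0000] "GET /upload/holiday.jpg HTTP/1.1" 200 40231 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Sep/2024:13:40:00 +0000] "GET /upload/img_0421.php HTTP/1.1" 200 812 "-" "curl/8.4"
"""

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a["ts"].isoformat(), a["rule"], a["ip"], a["path"])
```

On the constructed sample this yields three alerts: two `script_under_uploads` hits for the `.php` file under `/upload/` and one `upload_then_execute` for the client that uploaded six seconds before fetching it. The third address produces only the weaker alert, which is why the directory-based rule matters on its own: the operator of a webshell is not obliged to use the address that planted it.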
