CVE-2024-46471

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated directory listing of the /uploads/ folder in CodeAstro Membership Management System 1.0, exposing file structure and potentially sensitive uploaded content. Any organization using this specific PHP membership system version is affected. Attackers can browse uploaded files without authentication.

💻 Affected Systems

Products:
  • CodeAstro Membership Management System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects PHP installations with the specific vulnerable software. Requires web server access to the /uploads/ directory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers download sensitive user-uploaded documents, personal data, or configuration files containing credentials, leading to data breach and system compromise.

🟠 Likely Case

Attackers enumerate uploaded files to identify interesting targets for further exploitation, potentially accessing user-uploaded content containing PII or business information.

🟢 If Mitigated

Directory listing reveals only file names and structure, but actual file access requires additional vulnerabilities or misconfigurations.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web browser access to the vulnerable URL. No authentication or special tools needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider workarounds or migrating to alternative software.

🔧 Temporary Workarounds

Disable Directory Listing via .htaccess (Linux / Apache)

Prevent Apache from listing directory contents by adding the Options -Indexes directive. This only takes effect if the server configuration's AllowOverride setting permits Options in .htaccess files; otherwise set Options -Indexes in the <Directory> block for the uploads path in the main Apache configuration. Note that the command below overwrites any existing .htaccess in that directory.

echo 'Options -Indexes' > /path/to/uploads/.htaccess

Restrict Access to Uploads Directory (Linux)

Block direct access to the /uploads/ folder or move it outside the web root. Note that the symlink created by the second command re-exposes the directory through the web server whenever Apache follows symlinks (Options FollowSymLinks), so on its own it does not remove the listing; either omit the symlink and point the application's upload and download paths at the new location, or combine the move with the Options -Indexes directive.

mv /var/www/html/uploads /var/www/
ln -s /var/www/uploads /var/www/html/uploads

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block directory listing requests
  • Monitor access logs for repeated requests to /uploads/ directory patterns

🔍 How to Verify

Check if Vulnerable:

Navigate to http://[target]/uploads/ in a browser. If a directory listing shows files instead of a 403 error, the system is vulnerable.

Check Version:

Check the source code or documentation for a version 1.0 reference.

Verify Fix Applied:

Attempt to access the /uploads/ URL. You should receive a 403 Forbidden or a redirect instead of a directory listing.

📡 Detection & Monitoring

Log Indicators:

  • Multiple GET requests to /uploads/ with 200 OK responses
  • Directory index requests in access logs

Network Indicators:

  • HTTP requests to /uploads/ without specific file names
  • Responses containing HTML directory listings

SIEM Query:

source="web_logs" AND uri_path="/uploads/" AND status=200 AND user_agent NOT CONTAINS "bot"
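As an added example (not part of this advisory or of the CodeAstro project), the following Python script applies the log indicators above to access log lines in the Apache/Nginx "combined" format: it flags successful GET requests for the /uploads/ directory itself, ignores requests for individual files and self-identified crawlers in the same way as the SIEM query, and counts hits per source address. The log lines are constructed for the example; the log format and the "bot" user-agent heuristic are assumptions.

```python
import re
from collections import Counter

# Assumption: the web server writes the Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Directory whose index listing this advisory is about.
WATCHED_DIR = "/uploads/"


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def is_directory_index_request(entry):
    """True when the request targets the /uploads/ directory itself (no file
    name), succeeded with 200, and did not come from a self-identified crawler.
    Query strings such as Apache autoindex sort parameters (?C=M;O=D) are
    stripped before comparison."""
    path = entry["path"].split("?", 1)[0]
    if path.rstrip("/") + "/" != WATCHED_DIR:
        return False
    if entry["method"] != "GET" or entry["status"] != 200:
        return False
    # Heuristic from the SIEM query: ignore user agents that call themselves bots.
    if "bot" in entry["ua"].lower():
        return False
    return True


def find_listing_requests(lines):
    """Return a Counter mapping source IP -> number of directory-index hits."""
    hits = Counter()
    for line in lines:
        entry = parse_line(line)
        if entry and is_directory_index_request(entry):
            hits[entry["ip"]] += 1
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2024:12:00:01 +0000] "GET /uploads/ HTTP/1.1" 200 2314 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.7 - - [10/Sep/2024:12:00:03 +0000] "GET /uploads/?C=M;O=D HTTP/1.1" 200 2314 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.4 - - [10/Sep/2024:12:01:10 +0000] "GET /uploads/avatar.png HTTP/1.1" 200 8831 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Sep/2024:12:01:12 +0000] "GET /uploads/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Sep/2024:12:02:00 +0000] "GET /uploads HTTP/1.1" 301 233 "-" "curl/8.0"',
    '192.0.2.9 - - [10/Sep/2024:12:02:05 +0000] "GET /uploads/ HTTP/1.1" 200 2314 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"',
    'this line is not in combined log format',
]


if __name__ == "__main__":
    for ip, count in find_listing_requests(SAMPLE_LOG).most_common():
        print(f"{ip}: {count} directory listing request(s) for {WATCHED_DIR}")
```

Only the first two constructed lines count: the third requests a specific file, the fourth received a 403 (the expected result once the fix is applied), the fifth is a redirect, the sixth comes from a crawler user agent, and the last is malformed and skipped.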
