CVE-2024-48224
📋 TL;DR
Funadmin v5.0.2 contains an arbitrary file read vulnerability in the /curd/index/editfile endpoint. This allows attackers to read sensitive files from the server filesystem. All systems running Funadmin v5.0.2 with the vulnerable endpoint accessible are affected.
💻 Affected Systems
- Funadmin
📦 What is this software?
Funadmin by Funadmin
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive configuration files, database credentials, SSH keys, or other critical system files, potentially leading to full system compromise.
Likely Case
Attackers read application configuration files containing database credentials or API keys, enabling further attacks against the application or connected systems.
If Mitigated
With proper access controls and file system permissions, impact is limited to reading non-sensitive files within the web application directory.
🎯 Exploit Status
The GitHub issue shows exploitation details. Simple path traversal payloads can be used to read arbitrary files.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://github.com/funadmin/funadmin/issues/24
Restart Required: No
Instructions:
1. Monitor the GitHub repository for patches.
2. Apply any available security updates.
3. Test the fix in a non-production environment first.
🔧 Temporary Workarounds
Disable vulnerable endpoint
Block or disable access to the /curd/index/editfile endpoint
# In web server config (Apache):
<Location "/curd/index/editfile">
Require all denied
</Location>
# In web server config (Nginx):
location /curd/index/editfile {
deny all;
}
Implement input validation
Add path traversal protection to the editfile function
# In PHP code, validate file paths:
<?php
$allowed_path = realpath('/var/www/html'); // Set your web root; realpath() normalises it and drops any trailing slash
$requested_file = realpath($allowed_path . '/' . $_GET['file']);
// realpath() returns false for a non-existent path; treat that as invalid too.
// Compare against the root plus a separator so a sibling such as /var/www/html2 is not accepted as a prefix.
if ($requested_file === false || strpos($requested_file, $allowed_path . '/') !== 0) {
    die('Invalid file path');
}
🧯 If You Can't Patch
- Implement strict web application firewall (WAF) rules to block path traversal patterns
- Restrict file system permissions so the web server user can only read necessary files
🔍 How to Verify
Check if Vulnerable:
Attempt to access /curd/index/editfile?file=../../../../etc/passwd and check whether the server returns the file's contents.
Check Version:
Check the Funadmin version in the application configuration files or the admin panel.
Verify Fix Applied:
After applying workarounds, test the same path traversal payload and verify it's blocked or returns an error.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /curd/index/editfile with path traversal patterns (../)
- Unusual file read operations in web server logs
Network Indicators:
- HTTP GET requests containing path traversal sequences to the vulnerable endpoint
SIEM Query:
source="web_server_logs" AND uri_path="/curd/index/editfile" AND (uri_query="*../*" OR uri_query="*..%2f*")
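The SIEM query above, carried out as offline log triage in Python. This is an added example, not code from the advisory or the Funadmin project: it parses constructed combined-format access-log lines (the lines and the log format are assumptions), percent-decodes the query repeatedly so encoded and double-encoded traversal sequences are caught, and flags requests to the vulnerable endpoint, noting which ones the server answered with a 2xx status.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not taken from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2024:12:00:01 +0000] "GET /curd/index/editfile?file=../../../../etc/passwd HTTP/1.1" 200 1834
203.0.113.5 - - [10/Oct/2024:12:00:02 +0000] "GET /curd/index/editfile?file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1834
198.51.100.7 - - [10/Oct/2024:12:00:03 +0000] "GET /curd/index/editfile?file=%252e%252e%252fconfig.php HTTP/1.1" 403 12
192.0.2.9 - - [10/Oct/2024:12:00:04 +0000] "GET /curd/index/editfile?file=app/model/User.php HTTP/1.1" 200 520
192.0.2.9 - - [10/Oct/2024:12:00:05 +0000] "GET /index/login HTTP/1.1" 200 2200
"""

VULN_PATH = "/curd/index/editfile"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A ".." segment followed by a path separator or the end of the string.
TRAVERSAL_RE = re.compile(r"\.\.(?:[/\\]|$)")

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded forms like %252e%252e%252f are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line
    path, _, query = m.group("target").partition("?")
    return {"ip": m.group("ip"), "ts": m.group("ts"), "path": path, "query": query, "status": int(m.group("status"))}

def is_traversal_attempt(event):
    """True when the request hits the vulnerable endpoint with a traversal sequence in the query."""
    if event["path"] != VULN_PATH:
        return False
    return bool(TRAVERSAL_RE.search(decode_fully(event["query"])))

def find_attempts(log_text):
    """Collect traversal attempts; a 2xx status means the read most likely succeeded."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and is_traversal_attempt(ev):
            ev["decoded_query"] = decode_fully(ev["query"])
            ev["likely_success"] = 200 <= ev["status"] < 300
            hits.append(ev)
    return hits
```

Entries with likely_success set are the ones to prioritise for incident response, since the server served the requested file rather than blocking the request.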