CVE-2024-48234

4.9 MEDIUM

📋 TL;DR

This SSRF vulnerability in mipjz 5.0.5 allows attackers to make the server send HTTP requests to internal systems by manipulating the postAddress parameter. It affects any system running the vulnerable version of mipjz, potentially exposing internal network resources and sensitive files.

💻 Affected Systems

Products:
  • mipjz
Versions: 5.0.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation when the affected API endpoint is accessible.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker reads sensitive server files, accesses internal services, or performs port scanning of internal networks leading to data exfiltration or lateral movement.

🟠 Likely Case

Unauthorized reading of server files containing configuration data, credentials, or sensitive information from the local filesystem.

🟢 If Mitigated

Limited impact with proper network segmentation and input validation, restricting access to only non-sensitive internal resources.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the admin API endpoint. The GitHub issue demonstrates the vulnerability with example payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://github.com/sansanyun/mipjz/issues/18

Restart Required: No

Instructions:

  1. Check GitHub repository for official patch.
  2. Apply input validation to sanitize postAddress parameter.
  3. Implement URL whitelisting for curl requests.
  4. Update to patched version when available.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Add validation to restrict postAddress parameter to allowed URLs only

Modify app\tag\controller\ApiAdminTag.php to validate postAddress against whitelist
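
One way to implement the whitelist check before the curl call, as an added example that is not mipjz code or the vendor's fix. The function names and the host in ALLOWED_HOSTS are hypothetical placeholders; how ApiAdminTag.php builds its curl request is not shown on this page, so the helper is written stand-alone.

```php
<?php
// Added example (hypothetical helpers, not mipjz code). ALLOWED_HOSTS is a constructed placeholder.
const ALLOWED_HOSTS = ['push.example.com'];

/** Returns [url, host, port, ip] when $url passes every check, otherwise null. */
function validate_post_address(string $url): ?array
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {  // drops file://, gopher://, ...
        return null;
    }
    $host = strtolower($p['host']);
    if (isset($p['user']) || !in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (!in_array($port, [80, 443], true)) {
        return null;
    }
    // Resolve once; refuse private, loopback and link-local targets even for an allowed name.
    $ip = gethostbyname($host);  // returns $host unchanged on failure, which fails below
    $public = filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
    // Rebuild the URL from parsed parts so curl sees exactly what was validated.
    $clean = "$scheme://$host:$port" . ($p['path'] ?? '/') . (isset($p['query']) ? '?' . $p['query'] : '');
    return $public === false ? null : [$clean, $host, $port, $ip];
}

/** Fetches $url only if it validates; returns the response body or false. */
function fetch_post_address(string $url)
{
    $ok = validate_post_address($url);
    if ($ok === null) {
        return false;
    }
    [$clean, $host, $port, $ip] = $ok;
    $ch = curl_init($clean);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,                // a redirect would skip the checks
        CURLOPT_RESOLVE        => ["$host:$port:$ip"],  // pin to the validated address
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 5,
    ]);
    return curl_exec($ch);
}
```

The resolve-then-pin step matters because an allowed hostname can be pointed at an internal address after the check; this sketch handles IPv4 only.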

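Network Restriction (platform: linux)

Block outbound HTTP requests from the application server to internal networks. The rules below cover only TCP port 80 to the three RFC 1918 ranges; they do not cover other ports, loopback addresses, or file:// URLs, which never leave the host.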

iptables -A OUTPUT -p tcp --dport 80 -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -p tcp --dport 80 -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -p tcp --dport 80 -d 192.168.0.0/16 -j DROP

🧯 If You Can't Patch

  • Restrict access to the vulnerable API endpoint using authentication or IP whitelisting
  • Implement web application firewall rules to block SSRF patterns in postAddress parameter

🔍 How to Verify

Check if Vulnerable:

Test if the API endpoint accepts arbitrary URLs in postAddress parameter and makes external requests

Check Version:

Check mipjz version in configuration files or via admin interface

Verify Fix Applied:

Verify that postAddress parameter is properly validated and only allows whitelisted URLs

📡 Detection & Monitoring

Log Indicators:

  • Unusual curl requests to internal IP addresses
  • Multiple failed HTTP requests from application server

Network Indicators:

  • HTTP requests from application server to internal services on unusual ports
  • Outbound requests to file:// or localhost URLs

SIEM Query:

source="application.log" AND "curl_exec" AND ("file://" OR "localhost" OR "127.0.0.1" OR "192.168." OR "10." OR "172.16.")
