CVE-2024-4920

7.3 HIGH

📋 TL;DR

This critical vulnerability in SourceCodester Online Discussion Forum Site 1.0 allows attackers to upload arbitrary files without restrictions via the registerH.php file's 'ima' parameter. Remote attackers can exploit this to upload malicious files like web shells, potentially gaining full control of affected systems. Anyone running this specific forum software version is affected.

💻 Affected Systems

Products:
  • SourceCodester Online Discussion Forum Site
Versions: 1.0
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the registerH.php file specifically; requires PHP environment with file upload functionality enabled

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via web shell upload leading to data theft, ransomware deployment, or use as attack infrastructure

🟠 Likely Case

Web shell installation enabling persistent backdoor access, data exfiltration, and lateral movement within the network

🟢 If Mitigated

File upload attempts blocked or detected before execution, limiting impact to failed attack attempts

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing instances immediate targets
🏢 Internal Only: MEDIUM - Internal instances still vulnerable but require attacker to have network access

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details publicly disclosed; simple file upload manipulation makes weaponization straightforward

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider removing or replacing the software entirely.

🔧 Temporary Workarounds

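File Upload Restriction

Platform: all

Implement strict file upload validation in registerH.php so that only specific file types and sizes are accepted. Defining the limits is not enough on its own: the upload must be rejected when it falls outside them, and the type must be detected from the file content, because the MIME type sent in the request is supplied by the client.

Modify registerH.php to add: $allowed_types = ['image/jpeg', 'image/png']; $max_size = 5000000;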

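File Extension Validation

Platform: all

Add server-side file extension validation and rename uploaded files so the stored name is never the one supplied by the client. Compare the extension case-insensitively, otherwise a name such as photo.JPG is rejected while the check remains easy to get wrong in other ways.

Add to registerH.php: $extension = strtolower(pathinfo($_FILES['ima']['name'], PATHINFO_EXTENSION)); if (!in_array($extension, ['jpg','png'], true)) { die('Invalid file type'); }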
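
The two workarounds above combined into one server-side check, as an added example (not the vendor's code and not part of the original advisory). It assumes the fileinfo extension is available; store_avatar() and UPLOAD_DIR are hypothetical names, and only the 'ima' field, the two image types and the size cap come from this page.

```php
<?php
// Added example, not the vendor's code. store_avatar() and UPLOAD_DIR are
// hypothetical; 'ima', the type list and the size cap come from the page.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads'; // assumed path, static files only
const MAX_SIZE   = 5000000;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png']; // MIME => ext

function store_avatar(array $file): string
{
    // Reject failed, multi-file or non-upload entries.
    if (!isset($file['error'], $file['tmp_name']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Measure the temp file rather than trusting the client-reported size.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_SIZE) {
        throw new RuntimeException('Invalid file size');
    }
    // Detect the type from content; $file['type'] is client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('Invalid file type');
    }
    // Magic-byte sniffing alone can be fooled, so also require that the
    // file parses as an image of the same type.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('Not a valid image');
    }
    // Never reuse the client file name: generate one and fix the extension.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

if (isset($_FILES['ima'])) {
    try {
        $stored = store_avatar($_FILES['ima']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Upload rejected');
    }
}
```

A valid image can still carry script text in its metadata, so the upload directory should also be configured so that the web server never executes files from it.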

🧯 If You Can't Patch

  • Remove or disable registerH.php file entirely
  • Implement WAF rules to block file uploads to registerH.php with suspicious extensions

🔍 How to Verify

Check if Vulnerable:

Check if registerH.php exists in the web root and test file upload functionality with non-image files

Check Version:

Check software documentation or admin panel for version information

Verify Fix Applied:

Attempt to upload a PHP file via registerH.php; a successful upload indicates the instance is still vulnerable

📡 Detection & Monitoring

Log Indicators:

  • Multiple file upload attempts to registerH.php
  • Uploads of files with .php, .exe, or other executable extensions
  • Large file uploads to registerH.php

Network Indicators:

  • POST requests to registerH.php with file upload content
  • Unusual outbound connections from web server after file upload

SIEM Query:

source="web_logs" AND uri="/registerH.php" AND method="POST" AND (file_extension="php" OR file_extension="exe" OR file_extension="sh")
