CVE-2024-50658

9.8 CRITICAL

📋 TL;DR

This CVE describes a Server-Side Template Injection vulnerability in AdPortal 3.0.39 that allows remote attackers to execute arbitrary code by manipulating the shippingAsBilling and firstname parameters. Attackers can achieve remote code execution on affected systems, potentially compromising the entire server. Organizations running AdPortal 3.0.39 are affected.

💻 Affected Systems

Products:
  • AdPortal
Versions: 3.0.39
Operating Systems: Any OS running AdPortal
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the updateuserinfo.html file and requires the application to be accessible and the vulnerable endpoints to be reachable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, steal sensitive data, install malware, pivot to other systems, and maintain persistent access.

🟠 Likely Case

Remote code execution leading to data theft, website defacement, or deployment of ransomware/cryptominers on vulnerable servers.

🟢 If Mitigated

Limited impact if proper network segmentation, WAF rules, and input validation are in place, though the vulnerability remains exploitable.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is publicly documented with technical details, making exploitation straightforward for attackers with basic skills.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates or consider alternative solutions.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and sanitization for shippingAsBilling and firstname parameters to block template injection attempts.

WAF Rule Implementation

all

Deploy Web Application Firewall rules to detect and block SSTI payloads targeting the vulnerable endpoints.

🧯 If You Can't Patch

  • Block access to updateuserinfo.html endpoint at network perimeter or application firewall
  • Implement strict network segmentation to isolate AdPortal from critical systems

🔍 How to Verify

Check if Vulnerable:

Test if template injection payloads in shippingAsBilling or firstname parameters trigger server-side template evaluation. Example: ${7*7} returning 49.

Check Version:

Check AdPortal version in admin interface or configuration files. Typically found in /admin or configuration settings.

Verify Fix Applied:

Verify that template injection payloads no longer execute and return sanitized output or error messages.

📡 Detection & Monitoring

Log Indicators:

  • Unusual template syntax in shippingAsBilling or firstname parameters
  • Multiple failed template injection attempts
  • Suspicious file operations or command execution

Network Indicators:

  • HTTP requests to updateuserinfo.html with template syntax payloads
  • Unusual outbound connections from AdPortal server

SIEM Query:

source="adportal_logs" AND uri="*updateuserinfo.html*" AND (param="*shippingAsBilling*" OR param="*firstname*") AND (value="*${*" OR value="*<%*" OR value="*{{*")
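
The log and network indicators above can also be checked offline. The following is an added example, not code from the vendor or the original advisory: it scans request logs for the template markers from the query in the two named parameters, including percent-encoded and double-encoded forms that a plain wildcard match misses. The log line layout, the function names and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

MARKERS = ("${", "<%", "{{")                      # markers from the SIEM query
WATCHED = {"shippingasbilling", "firstname"}      # parameters named in the CVE
ENDPOINT = "updateuserinfo.html"

# Assumed (constructed) log layout: ip "METHOD url HTTP/x" status body="form body"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
    r'(?: body="(?P<body>[^"]*)")?')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %2524%257B is still seen as ${."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return [(param, marker), ...] for one log line; [] when nothing matches."""
    m = LINE_RE.match(line)
    if not m or ENDPOINT not in urlsplit(m["url"]).path.lower():
        return []
    # parse_qsl decodes once; fully_decode handles any further encoding layers.
    pairs = parse_qsl(urlsplit(m["url"]).query, keep_blank_values=True)
    pairs += parse_qsl(m["body"] or "", keep_blank_values=True)
    return [(name, marker)
            for name, value in pairs if name.lower() in WATCHED
            for marker in MARKERS if marker in fully_decode(value)]

# Constructed sample lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 "POST /updateuserinfo.html HTTP/1.1" 200 body="firstname=Alice&shippingAsBilling=true"',
    '203.0.113.9 "POST /updateuserinfo.html HTTP/1.1" 200 body="firstname=%24%7B7*7%7D&shippingAsBilling=true"',
    '203.0.113.9 "POST /updateuserinfo.html HTTP/1.1" 200 body="firstname=Bob&shippingAsBilling=%2524%257B7*7%257D"',
    '203.0.113.7 "GET /search.html?firstname=%24%7B7*7%7D HTTP/1.1" 200',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits = scan_line(line)
        if hits:
            print(line.split()[0], hits)
```

A hit records an attempt, not a successful evaluation; correlate it with the other indicators listed above, such as unusual outbound connections from the AdPortal server.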
