CVE-2024-53305

7.3 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Whoogle Search instances by sending specially crafted search queries. It affects all users running Whoogle Search v0.9.0 who have the service exposed to untrusted users. The vulnerability exists in the configuration parsing component.

💻 Affected Systems

Products:
  • Whoogle Search
Versions: v0.9.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of Whoogle Search v0.9.0 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands with the privileges of the Whoogle process, potentially leading to data theft, lateral movement, or persistent backdoors.

🟠 Likely Case

Attackers gain shell access to the server hosting Whoogle, allowing them to read sensitive files, modify configurations, or use the server as a pivot point for further attacks.

🟢 If Mitigated

If properly segmented and running with minimal privileges, impact is limited to the Whoogle application container or service account.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub gist contains proof-of-concept code demonstrating exploitation. No authentication required to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 223f00c3c0533423114f99b30c561278bc0b42ba

Vendor Advisory: https://github.com/benbusby/whoogle-search/commit/223f00c3c0533423114f99b30c561278bc0b42ba

Restart Required: Yes

Instructions:

1. Update Whoogle Search to the latest version from GitHub.
2. Replace the vulnerable /models/config.py file with the patched version.
3. Restart the Whoogle service.

🔧 Temporary Workarounds

Disable Public Access (platform: all)

  • Restrict Whoogle Search to the internal network only
  • Configure firewall rules to block external access to the Whoogle port (typically 5000)

Container Isolation (platform: linux)

Run Whoogle in a tightly restricted container:

  docker run --read-only --cap-drop=ALL --security-opt=no-new-privileges whoogle

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Whoogle instances
  • Deploy web application firewall (WAF) with command injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check if running Whoogle v0.9.0 by examining the version in the web interface or checking the installed files.

Check Version:

Check the Whoogle web interface at / or examine the Docker image tag if containerized.

Verify Fix Applied:

Verify the /models/config.py file contains the fix from commit 223f00c3c0533423114f99b30c561278bc0b42ba.

📡 Detection & Monitoring

Log Indicators:

  • Unusual search queries containing shell metacharacters
  • Process execution from Whoogle service account

Network Indicators:

  • HTTP requests to Whoogle with unusual query parameters
  • Outbound connections from Whoogle server to unexpected destinations

SIEM Query:

source="whoogle.log" AND ("config.py" OR "os.system" OR "subprocess")
