CVE-2024-55078
📋 TL;DR
This vulnerability allows unauthenticated attackers to upload arbitrary files to the WukongCRM system via the /adminUser/updateImg endpoint. Successful exploitation enables remote code execution, potentially giving attackers full control over affected systems. All deployments of WukongCRM-11.0-JAVA v11.3.3 are affected.
💻 Affected Systems
- WukongCRM-11.0-JAVA
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise leading to data theft, ransomware deployment, lateral movement within networks, and persistent backdoor installation.
Likely Case
Webshell deployment enabling data exfiltration, credential harvesting, and further exploitation of internal systems.
If Mitigated
File upload attempts are blocked or quarantined, preventing code execution while maintaining system functionality.
🎯 Exploit Status
Public proof-of-concept demonstrates simple file upload to achieve RCE. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None available
Restart Required: No
Instructions:
No official patch available. Monitor vendor channels for updates and apply immediately when released.
🔧 Temporary Workarounds
Web Application Firewall Rule
allBlock requests to /adminUser/updateImg endpoint
WAF specific - configure rule to block POST requests to /adminUser/updateImg
File Upload Restriction
allImplement strict file type validation and upload directory restrictions
Application configuration - restrict uploads to specific extensions and validate file content
🧯 If You Can't Patch
- Isolate affected systems from internet access and restrict internal network communication
- Implement strict network monitoring for unusual file upload activity to /adminUser/updateImg
🔍 How to Verify
Check if Vulnerable:
Check if system is running WukongCRM-11.0-JAVA v11.3.3 and has /adminUser/updateImg endpoint accessibleCheck Version:
Check application version in web interface or configuration filesVerify Fix Applied:
Test if file upload to /adminUser/updateImg endpoint is properly restricted and validated📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to /adminUser/updateImg with unusual file extensions
- File uploads with executable extensions (.jsp, .war, .php)
Network Indicators:
- Unusual outbound connections from WukongCRM server
- Traffic patterns indicating webshell communication
SIEM Query:
source="wukongcrm" AND (url_path="/adminUser/updateImg" OR file_extension IN ("jsp", "war", "php"))