CVE-2024-55452

5.4 MEDIUM

📋 TL;DR

This vulnerability allows authenticated attackers on UJCMS 9.6.3 to create block/carousel items whose links point to attacker-controlled websites. When users click these items they are sent to those domains, where sensitive tokens such as JWTs can be harvested. Exploitation requires an authenticated account, but every user who clicks a malicious item is affected.

💻 Affected Systems

Products:
  • UJCMS
Versions: 9.6.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated attacker access to upload block/carousel items.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal session tokens and authentication credentials, leading to account takeover, data theft, and lateral movement within the application.

🟠 Likely Case

Attackers redirect users to phishing pages to steal credentials or session tokens, potentially compromising user accounts.

🟢 If Mitigated

With proper URL validation and output encoding, redirection would be prevented or users would be warned about external links.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://github.com/dromara/ujcms

Restart Required: No

Instructions:

Check UJCMS GitHub repository for security updates. If no patch is available, implement workarounds.

🔧 Temporary Workarounds

Implement URL validation filter (applies to: all)

Add server-side validation to the block/carousel upload handlers that accepts only relative URLs or URLs on trusted domains and rejects everything else, including URLs with suspicious patterns.

Add Content Security Policy (applies to: all)

Implement CSP headers to restrict which domains can be loaded, preventing redirection to malicious sites.

Add header: Content-Security-Policy: default-src 'self';
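The server-side check described in the URL validation workaround above, as an added example that is not part of this page or of the UJCMS project: a Python allowlist validator that accepts only site-relative paths or http(s) URLs on trusted hosts, and rejects the protocol-relative, scheme and credential tricks that commonly slip past naive checks. The TRUSTED_HOSTS set, the length limit and the sample items are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example; a real deployment would load it from
# configuration and include the site's own public hostname(s).
TRUSTED_HOSTS = {"cms.example.com", "cdn.example.com"}


def is_safe_link(url: str) -> bool:
    """Accept only site-relative paths or absolute http(s) URLs on a trusted host.

    Other schemes, protocol-relative '//host', credentials in the authority,
    unknown hosts and control characters are all rejected.
    """
    if not url or len(url) > 2048:  # constructed upper bound on link length
        return False
    candidate = url.strip()
    # Browsers strip tabs/newlines ('java\tscript:') and treat '\' like '/',
    # so '/\\evil.example' would become the protocol-relative '//evil.example'.
    if any(ord(ch) < 0x20 or ch == "\\" for ch in candidate):
        return False
    parts = urlsplit(candidate)
    if not parts.scheme and not parts.netloc:
        # Site-relative reference: require exactly one leading slash so it can
        # neither be protocol-relative nor be parsed as '<scheme>:' by a browser.
        return candidate.startswith("/") and not candidate.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False  # javascript:, data:, and '//host' (empty scheme) end here
    if parts.username is not None or parts.password is not None:
        return False  # e.g. https://cms.example.com@evil.example/
    host = (parts.hostname or "").lower()
    # Exact match only: a substring check would pass cms.example.com.evil.example
    return host in TRUSTED_HOSTS


def reject_unsafe_items(items):
    """Return the titles of block/carousel items whose link would be refused."""
    return [item["title"] for item in items if not is_safe_link(item["url"])]


if __name__ == "__main__":
    # Constructed sample items as a block/carousel upload handler might receive them.
    sample_items = [
        {"title": "Home banner", "url": "/"},
        {"title": "News", "url": "/news/2024"},
        {"title": "CDN image", "url": "https://cdn.example.com/banner.png"},
        {"title": "Phish 1", "url": "https://login.evil.example/ujcms"},
        {"title": "Phish 2", "url": "//evil.example/"},
        {"title": "Phish 3", "url": "https://cms.example.com@evil.example/"},
        {"title": "Phish 4", "url": "javascript:alert(1)"},
    ]
    print(reject_unsafe_items(sample_items))
```

Note that a Content-Security-Policy `default-src` directive governs which resources a page may load, not where a clicked link navigates, so the server-side allowlist is the control that actually stops the redirect.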

🧯 If You Can't Patch

  • Restrict block/carousel upload permissions to trusted administrators only.
  • Implement client-side warnings for all external links with user confirmation before redirect.

🔍 How to Verify

Check if Vulnerable:

Test if block/carousel items can be created with external URLs that redirect users without validation.

Check Version:

Check UJCMS version in admin panel or configuration files.

Verify Fix Applied:

Verify that external URLs in block/carousel items are either blocked or properly validated with user warnings.

📡 Detection & Monitoring

Log Indicators:

  • Unusual block/carousel uploads with external URLs
  • User reports of unexpected redirects after clicking content

Network Indicators:

  • Outbound connections to unfamiliar domains following clicks on UJCMS content

SIEM Query:

source="ujcms" AND (url="*http://*" OR url="*https://*") AND action="upload"
