CVE-2024-56156 – This vulnerability in Halo website building sof... (How to Fix)

Q: What is the severity of CVE-2024-56156?

CVE-2024-56156 has a CVSS score of 9.0 (CRITICAL). This vulnerability in Halo website building software allows attackers to bypass file upload validation controls. Attackers can upload malicious files like executables and HTML, leading to stored cross-site scripting attacks and potential remote code execution. All Halo installations prior to version 2.20.13 are affected.

📋 TL;DR

This vulnerability in Halo website building software allows attackers to bypass file upload validation controls. Attackers can upload malicious files like executables and HTML, leading to stored cross-site scripting attacks and potential remote code execution. All Halo installations prior to version 2.20.13 are affected.

💻 Affected Systems

Products:

Halo

Versions: All versions prior to 2.20.13

Operating Systems: All platforms running Halo

Default Config Vulnerable: ⚠️ Yes

Notes: Any Halo installation with file upload functionality enabled is vulnerable.

📦 What is this software?

Halo by Halo

View all CVEs affecting Halo →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Stored cross-site scripting attacks allowing session hijacking, credential theft, and defacement of websites.

🟢

If Mitigated

Limited impact with proper network segmentation and web application firewalls blocking malicious uploads.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires file upload access but bypasses validation controls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.20.13

Vendor Advisory: https://github.com/halo-dev/halo/security/advisories/GHSA-99mc-ch53-pqh9

Restart Required: Yes

Instructions:

1. Backup your Halo installation and database. 2. Update to version 2.20.13 via package manager or manual download. 3. Restart the Halo service. 4. Verify the update completed successfully.

🔧 Temporary Workarounds

Disable file uploads

all

Temporarily disable all file upload functionality in Halo configuration

Edit halo configuration file to set upload.enabled=false

Implement WAF rules

all

Configure web application firewall to block suspicious file uploads

Add WAF rule to block file uploads with executable extensions

🧯 If You Can't Patch

Implement strict file upload validation at network perimeter
Monitor file upload logs for suspicious activity and implement alerting

🔍 How to Verify

Check if Vulnerable:

Check Halo version via admin panel or configuration files

Check Version:

Check halo version in admin dashboard or via halo --version command

Verify Fix Applied:

Verify version is 2.20.13 or higher and test file upload validation

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads with executable extensions
Multiple failed upload attempts followed by successful bypass

Network Indicators:

HTTP POST requests to upload endpoints with suspicious file types
Unusual outbound connections after file uploads

SIEM Query:

source="halo" AND (event="file_upload" AND file_extension IN ("exe", "html", "php", "js"))

📊 Metadata

CVE ID: CVE-2024-56156

CVSS v3 Score: 9.0 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-79

EPSS Score: 0.38% exploit probability (58.9th percentile)

Published: April 25, 2025

Last Updated: February 3, 2026

🔗 References

https://github.com/halo-dev/halo/commit/24f8d7b57127e2607ec05adb7c912b3decddeb99
https://github.com/halo-dev/halo/pull/7149 Issue Tracking
https://github.com/halo-dev/halo/security/advisories/GHSA-99mc-ch53-pqh9 Exploit,Mitigation,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-56156, you might also want to check these: