CVE-2024-57487
📋 TL;DR
This vulnerability allows unauthenticated attackers to upload malicious PHP files through the car rental system's file upload feature, leading to remote code execution on the server. Any organization using Code-Projects Online Car Rental System 1.0 is affected. The lack of file validation makes exploitation trivial.
💻 Affected Systems
- Code-Projects Online Car Rental System 1.0
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise allowing attackers to execute arbitrary commands, steal data, install backdoors, or pivot to other systems.
Likely Case
Attackers upload web shells to gain persistent access, deface websites, or use the server for malicious activities like cryptocurrency mining.
If Mitigated
With proper file validation and web application firewalls, exploitation attempts are blocked and logged for investigation.
🎯 Exploit Status
Exploitation requires only basic web knowledge and a PHP shell file. Public proof-of-concept code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch exists. Consider implementing the workarounds below or replacing the software entirely.
🔧 Temporary Workarounds
Implement File Upload Validation
Add server-side validation that restricts uploaded files to an allow-list of extensions and MIME types.
Edit the PHP upload handling code to check the extension against an allow-list (e.g., .jpg, .png, .pdf), sniff the MIME type from the file contents (not from the client-supplied Content-Type), and store the file under a server-generated random name so the original filename is never used on disk.
Restrict Upload Directory Execution
Configure the web server so PHP files in the upload directory are never executed, even if validation is bypassed.
For Apache (mod_php only): add 'php_flag engine off' to a .htaccess in the upload directory; this needs the matching AllowOverride and has no effect under PHP-FPM, where the PHP handler must instead be removed or requests for .php files in that directory denied.
For Nginx: inside the upload directory's location block (declared as 'location ^~ /uploads/' so a server-level PHP regex location cannot win), add 'location ~* \.php$ { deny all; }' so requests for PHP files there are refused before the fastcgi handler can match; reload and confirm with a request to a known .php path.
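The following is an added example of a hardened upload handler that implements the two workarounds above (server-side allow-listing plus storage in a no-execute directory). It is not the Code-Projects application's own code. The form field name 'image', the UPLOAD_DIR location, the 2 MiB cap and the allowed-type table are assumptions; adjust them to the deployment.

```php
<?php
// Added example: hardened file upload handler (not the vendor's code).
// Assumes the web server is configured so PHP is never executed from UPLOAD_DIR.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';   // assumed path; PHP execution disabled here by server config
const MAX_BYTES  = 2 * 1024 * 1024;        // assumed size cap
const ALLOWED    = [                       // extension => MIME types accepted from content sniffing
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'pdf'  => ['application/pdf'],
];

/**
 * Validates one $_FILES entry and stores it under a random name.
 * Returns the stored path or throws RuntimeException on any check failure.
 */
function store_upload(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Extension check: only the final extension counts, lower-cased, and it
    // must be on the allow-list. "shell.php.jpg" yields "jpg" here, which is
    // why the content sniff below and the no-execute directory both matter.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // MIME type from the bytes on disk, never from $file['type'] (client-controlled).
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException('content does not match extension');
    }

    // Discard the client filename entirely: random name plus the allow-listed extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // no execute bit; PHP execution itself is governed by the web server
    return $dest;
}

// Usage from the upload form handler (field name 'image' is an assumption).
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['image'])) {
    try {
        $path = store_upload($_FILES['image']);
        http_response_code(200);
        echo 'stored as ' . htmlspecialchars(basename($path), ENT_QUOTES);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ' . htmlspecialchars($e->getMessage(), ENT_QUOTES);
    }
}
```

The handler deliberately layers three independent controls: the extension allow-list blocks the obvious .php/.phtml/.phar names, the content sniff blocks a PHP script renamed to .jpg, and the random filename removes any attacker influence over the path. Even if all three were bypassed, the web server configuration above still refuses to execute anything in the upload directory.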
🧯 If You Can't Patch
- Implement a Web Application Firewall (WAF) with file upload protection rules
- Disable the file upload feature entirely if not required
🔍 How to Verify
Check if Vulnerable:
On a staging copy (not production), attempt to upload a harmless PHP file (e.g., one containing only 'echo "probe";') through the system's upload feature, then request it by URL. Also try variant names (.phtml, .phar, .PHP, double extensions such as probe.php.jpg) and a PHP payload with a spoofed image Content-Type. If any variant is stored and its code runs when requested, the system is vulnerable.
Check Version:
Check the software version in the application's admin panel or configuration files.
Verify Fix Applied:
Test file upload with .php extension and ensure it's rejected with proper error messages. Verify uploaded files cannot be executed.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads with .php extensions
- Multiple failed upload attempts followed by successful .php upload
- Web server logs showing execution of uploaded PHP files
Network Indicators:
- HTTP POST requests to upload endpoints with PHP file content
- Subsequent requests to uploaded PHP files with command parameters
SIEM Query:
source="web_server" (method="POST" AND uri="*upload*" AND (file_extension=".php" OR content_type="application/x-php"))
The field names above are placeholders; map them to your SIEM's parsed web-log schema. Note that the request-level Content-Type of a multipart upload is multipart/form-data, so the PHP file's extension or MIME type is only visible if the proxy or WAF logs the individual form parts. A more reliable correlation is a successful POST to an upload endpoint followed by a request for a .php file under the upload directory from the same client.
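As an added example (not part of the advisory), the following PHP script implements the upload-then-execute correlation described in the network indicators over constructed Apache combined-format log lines. The endpoint path '/upload.php', the upload directory '/uploads/' and the one-hour window are assumptions; the sample log lines are constructed, not real traffic.

```php
<?php
// Added example: correlate "POST to upload endpoint" with a later request for a PHP
// file in the upload directory from the same client. Paths are assumptions.
declare(strict_types=1);

// Constructed sample log lines (Apache combined format), not real traffic.
const SAMPLE_LOG = <<<'LOG'
203.0.113.10 - - [10/Jan/2025:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2025:12:00:05 +0000] "POST /upload.php HTTP/1.1" 200 312 "-" "python-requests/2.31"
203.0.113.10 - - [10/Jan/2025:12:00:07 +0000] "GET /uploads/shell.php?cmd=id HTTP/1.1" 200 89 "-" "python-requests/2.31"
198.51.100.7 - - [10/Jan/2025:12:01:00 +0000] "POST /upload.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:12:01:02 +0000] "GET /uploads/car1.jpg HTTP/1.1" 200 40210 "-" "Mozilla/5.0"
LOG;

// Combined log format: ip ident user [timestamp] "METHOD URI PROTO" status ...
const LOG_RE = '/^(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<uri>\S+) [^"]*" (?<status>\d{3}) /';

/**
 * Returns one finding per request for a PHP-like file under /uploads/ that was
 * preceded (within $windowSeconds) by a successful POST to an upload endpoint
 * from the same client IP.
 */
function find_upload_then_execute(string $log, int $windowSeconds = 3600): array
{
    $lastUpload = [];   // ip => epoch of last successful upload POST
    $findings   = [];

    foreach (preg_split('/\R/', trim($log)) as $line) {
        if (!preg_match(LOG_RE, $line, $m)) {
            continue;   // skip lines that do not parse rather than fail the run
        }
        $t = DateTime::createFromFormat('d/M/Y:H:i:s O', $m['ts']);
        if ($t === false) {
            continue;
        }
        $epoch = $t->getTimestamp();
        $ip    = $m['ip'];
        $path  = parse_url($m['uri'], PHP_URL_PATH) ?? $m['uri'];

        // Successful POST to anything that looks like an upload endpoint.
        if ($m['method'] === 'POST' && stripos($path, 'upload') !== false && $m['status'][0] === '2') {
            $lastUpload[$ip] = $epoch;
            continue;
        }

        // Request for a PHP-executable file under the upload directory, any query string.
        if (preg_match('#^/uploads/.*\.ph(p\d?|tml|ar)$#i', $path)
            && isset($lastUpload[$ip])
            && $epoch - $lastUpload[$ip] <= $windowSeconds) {
            $findings[] = [
                'ip'                   => $ip,
                'uri'                  => $m['uri'],
                'status'               => (int) $m['status'],
                'seconds_after_upload' => $epoch - $lastUpload[$ip],
            ];
        }
    }
    return $findings;
}

foreach (find_upload_then_execute(SAMPLE_LOG) as $f) {
    printf("ALERT %s requested %s (HTTP %d) %ds after an upload\n",
        $f['ip'], $f['uri'], $f['status'], $f['seconds_after_upload']);
}
```

Run against the constructed sample, only the 203.0.113.10 sequence is reported; the second client's POST followed by a .jpg request is normal behaviour and produces nothing. In production, feed it the real access log, and treat an HTTP 200 on the flagged request as confirmation that the upload directory still executes PHP.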