CVE-2024-6084

7.3 HIGH

📋 TL;DR

This high-severity vulnerability (CVSS 7.3) allows remote attackers to upload arbitrary files to the Pool of Bethesda Online Reservation System through the uploadImage function, reached via /admin/mod_room/controller.php?action=add. The upload is not restricted by type, so an attacker can place a PHP webshell on the server and execute commands with the web server's privileges, potentially taking full control of the host. Version 1.0 and any earlier build are affected.

💻 Affected Systems

Products:
  • Pool of Bethesda Online Reservation System
Versions: up to 1.0
Operating Systems: Any OS running the application
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the admin interface at /admin/mod_room/controller.php?action=add

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via webshell upload leading to data theft, ransomware deployment, or use of the host as a platform for further attacks

🟠 Likely Case

Unauthorized file upload leading to webshell installation and control of the web server

🟢 If Mitigated

File upload attempts blocked or quarantined with no system impact

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication
🏢 Internal Only: MEDIUM - Internal attackers could exploit but external threat is primary concern

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed on GitHub; the attack needs only a crafted multipart POST to the upload endpoint with a script file in place of an image.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider workarounds or replacing with secure alternative software.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

Applies to: all

Block POST requests to /admin/mod_room/controller.php?action=add from untrusted sources, and reject multipart uploads whose file part is not an image (check the content, not just the declared Content-Type or the file extension)

File Upload Validation

Applies to: all

Validate uploads server-side by content (magic bytes) against an allowlist of image formats, enforce a size limit, discard the client-supplied filename and store the file under a random name outside the web root, and never trust the declared Content-Type or extension

🧯 If You Can't Patch

  • Restrict access to /admin/ (including /admin/mod_room/controller.php) to trusted source addresses or a VPN at the reverse proxy or perimeter firewall
  • Disable script execution in the directory uploadImage writes to (for Apache with mod_php, php_admin_flag engine off for that directory; for nginx, a location block that never passes files under that path to PHP-FPM), and move uploaded files outside the web root
  • Monitor the upload directory with file integrity monitoring so any new .php, .phtml or .phar file raises an alert

🔍 How to Verify

Check if Vulnerable:

On a non-production copy, submit the room-add form behind /admin/mod_room/controller.php?action=add with a harmless PHP file (one that only prints a fixed string) in the image upload field. If the request is accepted and the file can then be requested and executed from the upload directory, the instance is vulnerable. Because the application is PHP, .php (and .phtml/.phar) are the extensions that matter; .jsp or .asp files would be stored but not executed.

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Attempt the same upload with a script file, with a script file renamed to .jpg, and with a valid image that has PHP code appended; each must be rejected server-side with a clear error regardless of the file name, extension, or declared Content-Type, and any file that is accepted must not be executable when requested over HTTP.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /admin/mod_room/controller.php?action=add from addresses that do not normally use the admin interface (the access log does not record the uploaded file's extension, so the request itself is the indicator)
  • Bursts of repeated POSTs to the endpoint, typical of an attacker iterating on a payload
  • New .php, .phtml or .phar files appearing in the image upload directory (file integrity monitoring), or the web server process spawning shells

Network Indicators:

  • POST requests to /admin/mod_room/controller.php?action=add with file uploads
  • Subsequent requests to uploaded malicious files

SIEM Query (two stages, because access logs show the upload request but not the uploaded file's type; replace the uploads path with the directory uploadImage writes to):

source="web_server" method="POST" uri="/admin/mod_room/controller.php" query="action=add" | stats count BY src_ip

source="web_server" method="GET" uri="*/uploads/*.php*" status=200 | stats count BY src_ip, uri

A source address that appears in both results within a short window is the strongest signal of a successful webshell upload.
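The same correlation run over access-log lines, as an added example (not part of this advisory's data): it flags the upload POST, then flags any later GET of a script file under the upload directory and marks it as correlated when the same source address performed the upload. The log format (Apache/nginx combined), the upload directory names, and the log lines themselves are constructed for the example.

```python
import re
from collections import defaultdict

# Combined log format: client, identd, user, [timestamp], "METHOD PATH PROTO", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

VULN_PATH = "/admin/mod_room/controller.php"
# Extensions the PHP handler may execute.
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
# Directories uploadImage could plausibly write to; an assumption, adjust to the deployment.
UPLOAD_DIR_HINTS = ("/uploads/", "/images/")

# Constructed sample log: one attacker (203.0.113.5) uploads, then calls its shell;
# an ordinary visitor fetches a real photo.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2024:10:00:01 +0000] "GET /admin/mod_room/index.php HTTP/1.1" 200 512
203.0.113.5 - - [10/Jun/2024:10:00:07 +0000] "POST /admin/mod_room/controller.php?action=add HTTP/1.1" 302 0
203.0.113.5 - - [10/Jun/2024:10:00:12 +0000] "GET /uploads/rooms/x.php?cmd=id HTTP/1.1" 200 77
198.51.100.9 - - [10/Jun/2024:10:01:00 +0000] "GET /uploads/rooms/room1.jpg HTTP/1.1" 200 40311
198.51.100.9 - - [10/Jun/2024:10:01:03 +0000] "GET /index.php HTTP/1.1" 200 2048
"""


def parse(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def detect(lines):
    """Scan log lines in order; return a list of alert dicts."""
    alerts = []
    uploaders = defaultdict(int)  # src ip -> upload POSTs seen so far
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        path, query = (rec["path"].split("?", 1) + [""])[:2]
        if rec["method"] == "POST" and path == VULN_PATH and "action=add" in query:
            uploaders[rec["ip"]] += 1
            alerts.append({"kind": "upload_attempt", "ip": rec["ip"],
                           "ts": rec["ts"], "path": rec["path"], "correlated": False})
        elif (rec["method"] == "GET" and rec["status"] == "200"
              and EXEC_EXT.search(path)
              and any(h in path for h in UPLOAD_DIR_HINTS)):
            # A script being served from an image directory is itself suspicious;
            # a prior upload from the same address makes it a likely webshell.
            alerts.append({"kind": "webshell_access", "ip": rec["ip"],
                           "ts": rec["ts"], "path": rec["path"],
                           "correlated": uploaders[rec["ip"]] > 0})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a["kind"], a["ip"], a["path"], "correlated" if a["correlated"] else "")
```

Run this over the real access log with the hint directories set to the actual upload path; the uncorrelated "webshell_access" case is still worth triage, since the upload may have come through a different address or before the retained log window.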

🔗 References

📤 Share & Export