CVE-2024-6524

Severity: 5.5 (MEDIUM)

📋 TL;DR

This is a Server-Side Request Forgery (SSRF) vulnerability in ShopXO's Uploader.php component. Attackers can manipulate the 'source' parameter to make the server send unauthorized requests to internal or external systems. All ShopXO installations up to version 6.1.0 are affected.

💻 Affected Systems

Products:
  • ShopXO
Versions: Up to and including 6.1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Uploader.php component in extend/base/ directory. The vulnerability exists in the source parameter handling.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could access internal services, exfiltrate sensitive data, perform port scanning of internal networks, or chain with other vulnerabilities to achieve remote code execution.

🟠 Likely Case

Information disclosure from internal services, potential data exfiltration, and abuse of the vulnerable server as a proxy for attacks against other systems.

🟢 If Mitigated

Limited impact with proper network segmentation and egress filtering, though some information disclosure may still occur.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A public exploit is available on GitHub. The attack can be launched remotely without authentication. The original disclosure confused CSRF with SSRF.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor the ShopXO vendor for an official patch.
2. Check whether version 6.1.1 or later addresses this vulnerability.
3. Apply the patch when available.

🔧 Temporary Workarounds

Input Validation and Filtering (platform: all)

Add validation to restrict the 'source' parameter to allowed URLs only: modify extend/base/Uploader.php to validate the source parameter against an allowlist.

Network Egress Filtering (platform: linux)

Restrict outbound connections from the web server to only the services it needs: configure the firewall to block outbound HTTP/HTTPS from the web server except to trusted destinations.

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) rules to block SSRF patterns
  • Disable or restrict access to the vulnerable Uploader.php component

🔍 How to Verify

Check if Vulnerable:

Check whether the ShopXO version is ≤ 6.1.0 and whether extend/base/Uploader.php exists with the vulnerable source parameter handling.

Check Version:

Check ShopXO configuration files or admin panel for version information

Verify Fix Applied:

Test if source parameter can no longer make requests to arbitrary URLs

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from web server
  • Requests to internal IP addresses or unusual domains from Uploader.php

Network Indicators:

  • Web server making unexpected outbound HTTP/HTTPS connections
  • Requests to internal network segments from external-facing server

SIEM Query:

source="web_server" AND (dest_ip IN private_ranges OR dest_domain NOT IN allowed_domains) AND uri_path="/extend/base/Uploader.php"
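The SIEM query above, implemented as standalone detection logic run over a handful of constructed events. This is an added example, not part of the advisory and not tied to any particular SIEM product. The event format (one event per line, key=value pairs) and every value in it are constructed; the field names follow the query (source, dest_ip, dest_domain, uri_path), the private ranges are RFC 1918 plus loopback and link-local, and the allowed-domain set is a constructed stand-in for `allowed_domains`. An unknown destination domain (`-`) is treated as not allowed, so a raw-IP fetch to a public address is still flagged.

```python
"""Run the advisory's SIEM query logic over constructed outbound-request events.

Added example (not from the advisory). Events, ranges and the allowed-domain
set are constructed for the demo.
"""
import ipaddress
from typing import Dict, List

# private_ranges: RFC 1918, loopback and link-local (cloud metadata lives in 169.254/16).
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]
# allowed_domains: constructed stand-in for the destinations the uploader legitimately fetches from.
ALLOWED_DOMAINS = {"cdn.example.com", "images.example.com"}
UPLOADER_PATH = "/extend/base/Uploader.php"

# Constructed correlated events: web-server request path plus the outbound connection it caused.
SAMPLE_EVENTS = """\
source=web_server dest_ip=203.0.113.10 dest_domain=cdn.example.com uri_path=/extend/base/Uploader.php
source=web_server dest_ip=10.0.0.12 dest_domain=- uri_path=/extend/base/Uploader.php
source=web_server dest_ip=169.254.169.254 dest_domain=- uri_path=/extend/base/Uploader.php
source=web_server dest_ip=198.51.100.7 dest_domain=unlisted.example.net uri_path=/extend/base/Uploader.php
source=web_server dest_ip=10.0.0.12 dest_domain=- uri_path=/index.php
source=db_server dest_ip=10.0.0.12 dest_domain=- uri_path=/extend/base/Uploader.php
"""


def parse_event(line: str) -> Dict[str, str]:
    """Split 'k=v k=v ...' into a dict; tokens without '=' are ignored."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def in_private_ranges(ip_text: str) -> bool:
    """True if ip_text parses as an address inside any of PRIVATE_RANGES."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in PRIVATE_RANGES)


def is_suspicious(ev: Dict[str, str]) -> bool:
    """Mirror of:
    source="web_server" AND (dest_ip IN private_ranges OR dest_domain NOT IN allowed_domains)
    AND uri_path="/extend/base/Uploader.php"
    A missing/unknown domain ('-') counts as not allowed."""
    if ev.get("source") != "web_server" or ev.get("uri_path") != UPLOADER_PATH:
        return False
    domain = ev.get("dest_domain", "-").lower()
    return in_private_ranges(ev.get("dest_ip", "")) or domain not in ALLOWED_DOMAINS


def find_hits(event_text: str) -> List[Dict[str, str]]:
    """Return the events that match the detection, in input order."""
    return [ev for ev in (parse_event(l) for l in event_text.splitlines())
            if ev and is_suspicious(ev)]


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_EVENTS):
        print("ALERT", hit["dest_ip"], hit["dest_domain"], hit["uri_path"])
```

Of the six constructed events, three match: the fetch to an internal host, the fetch to the link-local metadata address, and the fetch to a public host that is not on the allowed list. The two legitimate-looking events (allowed CDN, and a different endpoint) and the event from a non-web-server source are not flagged.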
