CVE-2024-7500

6.3 MEDIUM

📋 TL;DR

CVE-2024-7500 is a critical unrestricted file upload vulnerability in itsourcecode Airline Reservation System 1.0. Attackers can remotely upload malicious files via the img parameter in the save_settings function, potentially leading to server compromise. This affects all deployments of version 1.0 with the vulnerable admin/admin_class.php file.

💻 Affected Systems

Products:
  • itsourcecode Airline Reservation System
Versions: 1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the admin panel's save_settings function in admin/admin_class.php when handling img parameter uploads.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case
Remote code execution leading to complete system takeover, data theft, and lateral movement within the network.

🟠 Likely Case
Webshell deployment allowing persistent backdoor access, file system manipulation, and potential data exfiltration.

🟢 If Mitigated
File upload attempts blocked or sanitized, preventing malicious file execution while maintaining normal functionality.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin access but is trivial to execute once authenticated. Public exploit code exists in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider workarounds or migrating to a supported system.

🔧 Temporary Workarounds

File Upload Restriction (applies to: all)

Implement server-side validation that restricts uploaded file types to an allowlist of safe extensions (e.g., .jpg, .png) and verifies the file content itself, rather than trusting the client-supplied filename or MIME type.
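The following is an added example of the server-side validation described above; it is not code from the Airline Reservation System. It assumes the upload arrives as `$_FILES['img']` (the `img` parameter named on this page) and uses a hypothetical `UPLOAD_DIR` outside the web root.

```php
<?php
// Added example, not the project's code. Assumes the upload arrives as
// $_FILES['img'] and that UPLOAD_DIR (hypothetical) is outside the web root.
const UPLOAD_DIR = '/var/app/uploads/settings';
const MAX_BYTES  = 2 * 1024 * 1024;

// Validates an uploaded image and returns a server-chosen filename, or throws.
// Checks: PHP upload status, size, extension allowlist, MIME type derived from
// the file bytes (not the client-supplied type), and image decodability.
function validateImageUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Extension allowlist; the client-supplied name is never reused on disk,
    // which also neutralises traversal and double-extension tricks.
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the real content type and make sure it matches the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException('content type mismatch');
    }
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a decodable image');
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Only a validated file is moved, under a random name, into a directory the
// web server does not serve or execute from. Usage: saveSettingsImage($_FILES['img']);
function saveSettingsImage(array $file): string
{
    $name = validateImageUpload($file);
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

Storing outside the web root matters even with these checks, since an image that decodes correctly can still carry embedded script in metadata; keeping it non-executable removes that residual risk.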

Admin Panel Access Control (applies to: all)

Restrict admin panel access to specific IP addresses and enforce strong authentication.

🧯 If You Can't Patch

  • Disable the vulnerable save_settings function or remove admin/admin_class.php if not essential.
  • Implement a web application firewall (WAF) with file upload protection rules.

🔍 How to Verify

Check if Vulnerable:

Check whether admin/admin_class.php exists and whether its save_settings function stores the img parameter upload without validating the file's extension and content.

Check Version:

Check system documentation or configuration files for version 1.0 indication.

Verify Fix Applied:

Test file upload functionality with malicious files to ensure they are rejected or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to admin panel, especially non-image files with executable extensions.
  • Multiple failed upload attempts with suspicious filenames.

Network Indicators:

  • HTTP POST requests to admin/admin_class.php with file uploads containing unusual file types.

SIEM Query:

source="web_logs" AND uri="/admin/admin_class.php" AND method="POST" AND file_extension IN ("php", "exe", "sh")
