CVE-2024-7705

4.7 MEDIUM

📋 TL;DR

This vulnerability allows remote attackers to upload arbitrary files to Fujian mwcms 1.0.0 systems via the image upload function. Attackers can exploit this to upload malicious files like webshells, potentially gaining unauthorized access or control. All systems running the vulnerable version with the upload feature accessible are affected.

💻 Affected Systems

Products:
  • Fujian mwcms
Versions: 1.0.0
Operating Systems: Any OS running the application
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default installation with upload functionality enabled

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via webshell upload leading to data theft, ransomware deployment, or use as attack platform

🟠 Likely Case

Unauthorized file upload leading to webshell installation and limited server access

🟢 If Mitigated

File upload attempts blocked or sanitized, preventing malicious file execution

🌐 Internet-Facing: HIGH - Remote exploitation possible without authentication
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but attack surface reduced

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit available, requires only web access to upload endpoint

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider alternative CMS or implement workarounds.

🔧 Temporary Workarounds

Disable upload functionality

all

Remove or restrict access to /uploadeditor.html endpoint

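# Web server configuration to block access to the vulnerable endpoint
# Example for Apache (server or virtual-host context, mod_rewrite with the rewrite engine enabled; in .htaccess the pattern has no leading slash): RewriteRule ^/uploadeditor\.html - [F]
# Example for Nginx: location = /uploadeditor.html { deny all; }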

Implement file upload restrictions

all

Add server-side validation for file types, extensions, and content

# Modify upload handling code to validate:
# 1. File extension against whitelist
# 2. MIME type verification
# 3. File content scanning
# 4. Size limits
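
A sketch of checks 1, 2 and 4 from the list above (extension allowlist, type verification from the file's leading bytes, size limit), as an added example that is not mwcms code. The function name, the size limit and the set of allowed image types are assumptions, and content scanning (check 3) is left to a separate scanner.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed limit; tune per deployment
# Allowlisted extension -> (leading magic bytes, MIME type to serve it as)
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    ".jpg": (b"\xff\xd8\xff", "image/jpeg"),
    ".jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    ".gif": (b"GIF8", "image/gif"),
}


class UploadRejected(ValueError):
    """Raised when an upload fails any check."""


def validate_image_upload(client_name, data):
    """Return (stored_name, mime_type) or raise UploadRejected."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or over size limit")
    # Drop any client-supplied directory part (either separator style).
    base = os.path.basename(client_name.replace("\\", "/"))
    if "\x00" in base:
        raise UploadRejected("NUL byte in file name")
    ext = os.path.splitext(base)[1].lower()  # final extension only
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowlisted")
    magic, mime = ALLOWED[ext]
    # The client's Content-Type header is attacker-controlled, so the type
    # is derived from the bytes. A matching header does not prove the rest
    # of the file is harmless; store uploads where nothing is executed.
    if not data.startswith(magic):
        raise UploadRejected("content does not match extension")
    # Never reuse the client name: "x.php.png" becomes "<random>.png".
    return secrets.token_hex(16) + ext, mime


if __name__ == "__main__":
    # Constructed samples: (file name, file bytes)
    samples = [
        ("photo.PNG", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("shell.php", b"<?php /* constructed */ ?>"),
        ("shell.png", b"<?php /* constructed */ ?>"),
    ]
    for name, body in samples:
        try:
            print(name, "->", validate_image_upload(name, body))
        except UploadRejected as why:
            print(name, "-> rejected:", why)
```
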

🧯 If You Can't Patch

  • Implement WAF rules to block malicious upload patterns
  • Isolate affected system in network segment with strict egress filtering

🔍 How to Verify

Check if Vulnerable:

Test if /uploadeditor.html?action=uploadimage accepts non-image files without proper validation

Check Version:

Check CMS version in admin panel or configuration files

Verify Fix Applied:

Attempt to upload malicious file types and verify they are rejected

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /uploadeditor.html
  • Uploads of non-image file types
  • Multiple failed upload attempts

Network Indicators:

  • POST requests to /uploadeditor.html with suspicious file contents
  • Traffic patterns indicating file upload exploitation

SIEM Query:

web.url:*uploadeditor.html* AND (http.method:POST OR file.extension:(php|asp|jsp|exe))
