CVE-2024-7906

6.3 MEDIUM

📋 TL;DR

This vulnerability in DedeBIZ 6.3.0 allows remote attackers to upload arbitrary files without restriction via the get_mime_type function in the attachment settings component (/admin/dialog/select_images_post.php). All DedeBIZ 6.3.0 installations with the vulnerable component enabled are affected. Attackers can exploit this to upload malicious files and potentially execute arbitrary code on the server.

💻 Affected Systems

Products:
  • DedeBIZ
Versions: 6.3.0
Operating Systems: Any OS running DedeBIZ
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with the /admin/dialog/select_images_post.php component accessible are vulnerable. The vulnerability is in core functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case: Webshell upload allowing persistent backdoor access, file system manipulation, and potential privilege escalation.

🟢 If Mitigated: File upload blocked or sanitized, preventing malicious file execution while maintaining legitimate attachment functionality.

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication, making internet-facing instances immediately vulnerable.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but require network access, reducing exposure surface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code has been publicly disclosed on GitHub. The vulnerability requires minimal technical skill to exploit due to unrestricted file upload.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Restrict access to vulnerable component (applies to: all)

Block or restrict access to the /admin/dialog/select_images_post.php file at the web server layer:

# Apache (.htaccess; in httpd.conf the pattern needs a leading slash): RewriteRule ^admin/dialog/select_images_post\.php$ - [F,L]
# Nginx: location ~ ^/admin/dialog/select_images_post\.php$ { deny all; }

Implement file upload validation (applies to: all)

Add server-side validation for file uploads, including MIME type checking based on the uploaded file's actual content (not the client-supplied Content-Type) and a file extension allowlist.

# Example PHP validation snippet (checks the temp file with finfo; $_FILES['upload']['type'] is client-controlled and must not be used for the decision):
$allowed = ['image/jpeg' => ['jpg', 'jpeg'], 'image/png' => ['png'], 'image/gif' => ['gif']];
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($_FILES['upload']['tmp_name']);
$ext = strtolower(pathinfo($_FILES['upload']['name'], PATHINFO_EXTENSION));
if (!isset($allowed[$mime]) || !in_array($ext, $allowed[$mime], true)) { die('Invalid file type'); }
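The validation rule above, worked through as an added Python example (not code from DedeBIZ or from this advisory) so the difference between the weak check and the hardened one is visible on sample input. The weak `vulnerable_check` trusts the client-declared Content-Type, which is the pattern an unrestricted upload bug comes from; `validate_upload` instead requires a single allowlisted extension, a matching image signature in the bytes, and replaces the client-supplied name with a random storage name. The magic-byte table, the `mime_mismatch` helper and all sample inputs are constructed for this illustration.

```python
import os
import re
import secrets
from typing import Optional, Tuple

# Allowlisted image types: canonical extension -> leading magic bytes.
# The allowlist mirrors the advisory's jpg/png/gif set; the magic values are
# the standard file signatures for those formats.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXTENSION_ALIASES = {"jpeg": "jpg"}


def vulnerable_check(client_mime: str) -> bool:
    """The check the workaround snippet starts from: trusting the Content-Type
    the client declared for the upload. Any client can set that header, so a
    PHP file declared as image/jpeg passes."""
    return client_mime in ("image/jpeg", "image/png")


def sniff_type(content: bytes) -> Optional[str]:
    """Return the canonical extension implied by the file's leading bytes, or None."""
    for ext, signatures in MAGIC.items():
        if any(content.startswith(sig) for sig in signatures):
            return ext
    return None


def validate_upload(filename: str, content: bytes, client_mime: str) -> Tuple[bool, str]:
    """Server-side validation that never consults client_mime for the decision:
    one allowlisted extension, a recognised image signature, agreement between
    the two, and a random storage name that discards whatever the client sent.
    Returns (False, reason) or (True, storage_name)."""
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    if len(parts) != 2 or not re.fullmatch(r"[a-z0-9_-]+", parts[0]):
        return False, "rejected: name must be <name>.<ext> with a single extension"
    ext = EXTENSION_ALIASES.get(parts[1], parts[1])
    if ext not in MAGIC:
        return False, f"rejected: extension .{parts[1]} not allowlisted"
    sniffed = sniff_type(content)
    if sniffed is None:
        return False, "rejected: content does not carry a jpg/png/gif signature"
    if sniffed != ext:
        return False, f"rejected: content looks like {sniffed}, extension says {ext}"
    # client_mime is deliberately unused for acceptance; a mismatch between it
    # and the sniffed type is only worth recording as a detection signal.
    return True, f"{secrets.token_hex(8)}.{ext}"


def mime_mismatch(client_mime: str, content: bytes) -> bool:
    """True when the declared Content-Type disagrees with the bytes actually sent."""
    declared = {"image/jpeg": "jpg", "image/png": "png", "image/gif": "gif"}.get(client_mime)
    return declared != sniff_type(content)


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16   # constructed JPEG header stub
    text = b"<?php echo 'x'; ?>"                # constructed non-image content
    print(vulnerable_check("image/jpeg"))        # the weak check accepts anything declared as an image
    print(validate_upload("photo.jpg", jpeg, "image/jpeg"))
    print(validate_upload("notes.php", text, "image/jpeg"))
    print(validate_upload("photo.jpg", text, "image/jpeg"))
    print(validate_upload("a.php.jpg", jpeg, "image/jpeg"))
    print(mime_mismatch("image/jpeg", text))
```

The single-extension rule is what rejects names such as `a.php.jpg` before any signature check runs, and generating the storage name server-side means the client's filename never reaches the filesystem at all.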

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file upload patterns
  • Disable file upload functionality entirely if not required for business operations

🔍 How to Verify

Check if Vulnerable:

Check if /admin/dialog/select_images_post.php exists and is accessible. Attempt to upload a non-image file with modified headers.

Check Version:

Check the DedeBIZ version in its configuration files or admin panel; version 6.3.0 is the affected release.

Verify Fix Applied:

Test file upload functionality with various file types. Ensure only allowed file types are accepted and properly validated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /admin/dialog/select_images_post.php
  • Uploads of non-image files with image MIME types
  • Multiple failed upload attempts with different file types

Network Indicators:

  • POST requests to vulnerable endpoint with unusual file payloads
  • Uploads of executable files (.php, .exe) disguised as images

SIEM Query:

source="web_server" AND uri="/admin/dialog/select_images_post.php" AND method="POST" AND NOT file_extension IN ("jpg", "png", "gif")

(Note: a clause of the form file_extension!="jpg" OR file_extension!="png" OR file_extension!="gif" is true for every value, so it flags all uploads; the extensions must be excluded together.)
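The log and network indicators above, and the SIEM query, as an added Python example that is not part of this advisory: it runs both the always-true OR form and the corrected NOT IN form over constructed upload-log lines, adds the "image MIME type on an executable extension" indicator and the "repeated failed uploads from one source" indicator. The key=value log layout, field names, IPs and filenames are all assumptions constructed for the example, not DedeBIZ's own log format.

```python
import re
from collections import Counter
from typing import Dict, List

ENDPOINT = "/admin/dialog/select_images_post.php"
ALLOWED_EXT = {"jpg", "png", "gif"}
EXECUTABLE_EXT = {"php", "phtml", "phar", "exe"}

# Constructed sample upload-log lines (assumed key=value format; not real logs).
SAMPLE_LOG = """\
ts=2024-08-17T10:00:01Z src=203.0.113.5 method=POST uri=/admin/dialog/select_images_post.php status=200 filename=banner.jpg mime=image/jpeg
ts=2024-08-17T10:00:09Z src=203.0.113.5 method=POST uri=/admin/dialog/select_images_post.php status=200 filename=logo.png mime=image/png
ts=2024-08-17T10:02:13Z src=198.51.100.7 method=POST uri=/admin/dialog/select_images_post.php status=200 filename=upload.php mime=image/jpeg
ts=2024-08-17T10:02:15Z src=198.51.100.7 method=POST uri=/admin/dialog/select_images_post.php status=403 filename=cmd.phtml mime=image/gif
ts=2024-08-17T10:02:17Z src=198.51.100.7 method=POST uri=/admin/dialog/select_images_post.php status=403 filename=cmd.txt mime=image/png
ts=2024-08-17T10:02:19Z src=198.51.100.7 method=POST uri=/admin/dialog/select_images_post.php status=403 filename=cmd.svg mime=image/png
ts=2024-08-17T10:05:00Z src=192.0.2.9 method=GET uri=/admin/dialog/select_images_post.php status=200 filename=- mime=-
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict."""
    return dict(FIELD_RE.findall(line))


def extension_of(filename: str) -> str:
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def is_upload_post(rec: Dict[str, str]) -> bool:
    return rec.get("method") == "POST" and rec.get("uri") == ENDPOINT


def matches_original_query(rec: Dict[str, str]) -> bool:
    """ext!="jpg" OR ext!="png" OR ext!="gif": no value equals all three,
    so every upload to the endpoint matches and the rule is pure noise."""
    ext = extension_of(rec.get("filename", ""))
    return is_upload_post(rec) and (ext != "jpg" or ext != "png" or ext != "gif")


def matches_corrected_query(rec: Dict[str, str]) -> bool:
    """NOT file_extension IN (jpg, png, gif): only non-image extensions."""
    return is_upload_post(rec) and extension_of(rec.get("filename", "")) not in ALLOWED_EXT


def declared_image_but_executable(rec: Dict[str, str]) -> bool:
    """Executable extension sent under an image/* Content-Type (the disguised-upload indicator)."""
    return (is_upload_post(rec)
            and rec.get("mime", "").startswith("image/")
            and extension_of(rec.get("filename", "")) in EXECUTABLE_EXT)


def repeated_failures(records: List[Dict[str, str]], threshold: int = 3) -> Dict[str, int]:
    """Sources with `threshold` or more rejected (non-2xx) uploads to the endpoint."""
    counts = Counter(r["src"] for r in records
                     if is_upload_post(r) and not r.get("status", "").startswith("2"))
    return {src: n for src, n in counts.items() if n >= threshold}


def analyse(log_text: str) -> Dict[str, object]:
    records = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    return {
        "original_query_hits": [r["filename"] for r in records if matches_original_query(r)],
        "corrected_query_hits": [r["filename"] for r in records if matches_corrected_query(r)],
        "image_mime_executable_ext": [r["filename"] for r in records if declared_image_but_executable(r)],
        "repeated_failures": repeated_failures(records),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, the original query fires on all six uploads including the two legitimate images, while the corrected query narrows to the four non-image names; the MIME-mismatch check is the higher-signal of the two because a browser submitting a real image does not label a `.php` part as `image/jpeg`.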
