Platform
php
Component
mirage
Fixed in
3.1.2
A code injection vulnerability has been identified in Form Tools version 3.1.1. The issue resides in the Setting Handler component, specifically in the file /admin/settings/index.php (page=accounts). An attacker can trigger it by manipulating the 'Page Theme' parameter, potentially leading to unauthorized code execution. The vulnerability has been publicly disclosed and a fix is available in version 3.1.2.
Successful exploitation of CVE-2024-6936 lets an attacker inject and execute code on the server hosting Form Tools. In the worst case that means full compromise of the host: theft, modification or deletion of data, administrative control of the Form Tools installation (and so of every form and every submission it holds), and a foothold from which to reach other internal systems the server can talk to. Because Form Tools is a form-processing application, the submissions it stores often contain personal or financial details, so the data at stake is frequently sensitive. One practical caveat: the affected page sits under /admin/, so an attacker first needs access to the settings page (an admin account or another flaw that grants it), which is consistent with the low CVSS rating below.
This vulnerability was publicly disclosed on 2024-07-21. The vendor was contacted but did not respond. The vulnerability is tracked as VDB-271991. No active exploitation campaigns have been publicly confirmed, but public disclosure makes exploitation more likely. Note that the CVSS base score of 2.7 (LOW) rates severity under its assumed preconditions, not the probability of attack; the probability signal is the EPSS estimate of 0.11% (29th percentile), which is currently low. A simple, publicly documented trigger can change that picture quickly.
Organizations running Form Tools 3.1.1 are at risk, particularly where the /admin/ interface is reachable from the internet or the application runs on shared hosting. Deployments that collect and store sensitive user data through their forms have the most to lose.
• php: Examine web server access logs for requests to /admin/settings/index.php?page=accounts whose 'Page Theme' parameter carries characters a theme name should never contain. The space in the parameter name is URL-encoded in the log (as %20 or +), so the pattern has to match both forms:
grep -E 'admin/settings/index\.php\?.*Page(%20|\+)Theme=[^A-Za-z0-9_&-]' /var/log/apache2/access.log
Caveat: the CVE names the argument by its form label; confirm the real parameter name from a request your own browser sends on that page, and remember that a value submitted by POST never appears in the access log at all. In that case check the stored theme setting in the database or the application's own logs instead.
• generic web: Use curl to send a benign, easily recognisable marker in the 'Page Theme' parameter (name URL-encoded, and with an authenticated admin session cookie, since the endpoint sits under /admin/) and check whether the marker comes back in the response unmodified, is stored, or is rejected. A plain marker is a better probe than a script tag here, because the flaw is server-side code injection, not reflected XSS:
curl -v -b '<your admin session cookie>' 'http://your-formtools-server/admin/settings/index.php?page=accounts&Page%20Theme=cve_2024_6936_probe'
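The grep above only catches one encoding at a time and cannot tell a harmless theme name from an injected one once the value is percent-encoded. The script below is an added example (not Form Tools code and not part of the advisory) that does the same triage properly: it parses Apache combined-format access log lines, URL-decodes the query string so that both `Page%20Theme` and `Page+Theme` resolve to the same parameter, and flags requests to the accounts settings page whose theme value contains anything other than the characters a theme directory name would have. It assumes the parameter is literally named 'Page Theme' (the CVE names it by label; adjust PARAM once you know the real name) and that the value travels in the query string; the log lines are constructed for the demonstration and the "injected" value is just a generic PHP-looking string, not a known working payload.

```python
"""Triage Form Tools admin-settings requests whose 'Page Theme' value looks injected.

Added example, not code from Form Tools or from the advisory.
Assumptions: the request parameter is literally 'Page Theme' (the CVE names the
argument by its form label; the real name may differ) and the value appears in
the query string of an Apache combined-format access log.  SAMPLE_LOG is
constructed for this demonstration.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Apache combined log format: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

TARGET_PATH = "/admin/settings/index.php"
TARGET_PAGE = "accounts"
PARAM = "Page Theme"                      # assumption, see module docstring
SAFE_VALUE = re.compile(r'^[A-Za-z0-9_-]+$')  # what a theme folder name looks like

# Constructed sample: one normal visit, one legitimate theme value, one
# injection-style value (generic, not a known exploit), one request to an
# unrelated path that must be ignored.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Jul/2024:10:01:02 +0000] "GET /admin/settings/index.php?page=accounts HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [21/Jul/2024:10:01:09 +0000] "GET /admin/settings/index.php?page=accounts&Page%20Theme=default HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Jul/2024:10:02:33 +0000] "GET /admin/settings/index.php?page=accounts&Page+Theme=default%27%3Bphpinfo%28%29%3B%2F%2F HTTP/1.1" 200 5120 "-" "curl/8.0"
198.51.100.7 - - [21/Jul/2024:10:02:40 +0000] "GET /index.php?Page%20Theme=x%27 HTTP/1.1" 200 900 "-" "curl/8.0"
"""


def find_suspicious(log_text: str) -> list:
    """Return one dict per request whose decoded 'Page Theme' value is not a plain name."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        if parts.path != TARGET_PATH:
            continue
        # parse_qs decodes %20 and '+' in both names and values, so the two
        # encodings of the parameter name collapse to the same key.
        qs = parse_qs(parts.query, keep_blank_values=True)
        if qs.get("page") != [TARGET_PAGE]:
            continue
        for value in qs.get(PARAM, []):
            if value and not SAFE_VALUE.match(value):
                hits.append({
                    "ip": m["ip"],
                    "ts": m["ts"],
                    "status": m["status"],
                    "value": value,
                })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} status={hit["status"]} theme={hit["value"]!r}')
```

Run it against a real log with `find_suspicious(open("/var/log/apache2/access.log").read())`. A hit is a lead, not proof: an HTTP 200 only tells you the request reached the application, so follow up by checking what theme value is actually stored in the settings and whether any file on the server changed around the timestamp.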
Disclosure
Exploit status
EPSS
0.11% (29th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-6936 is to upgrade Form Tools to version 3.1.2 or later, which contains the fix. If an immediate upgrade is not possible because of compatibility issues or downtime constraints, apply temporary workarounds: a WAF or reverse-proxy rule that rejects requests to /admin/settings/index.php?page=accounts whose 'Page Theme' value contains anything other than letters, digits, underscores and hyphens (confirm the parameter's real name from a request your own browser sends on that page, since the CVE names it by label), and restricting the whole /admin/ directory to trusted source addresses or a VPN. After upgrading, confirm that the installation reports version 3.1.2 or later and that a theme value containing quotes or parentheses is rejected rather than stored or reflected.
Update Form Tools to version 3.1.2, in which the code injection vulnerability has been fixed. If you cannot upgrade yet, consider disabling or removing the affected component until you can, and monitor the vendor's security updates.
CVE-2024-6936 is a code injection vulnerability in Form Tools 3.1.1 affecting the Setting Handler. Attackers can inject code by manipulating the 'Page Theme' parameter, potentially leading to remote code execution.
Yes, if you are running Form Tools version 3.1.1, you are vulnerable to this code injection flaw. Upgrade to version 3.1.2 or later to mitigate the risk.
The recommended fix is to upgrade Form Tools to version 3.1.2 or later. As a temporary workaround, restrict access to the vulnerable endpoint and implement WAF rules.
While no widespread exploitation has been confirmed, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor your systems for suspicious activity.
The vulnerability is documented in the VDB (Vulnerability Database) under identifier VDB-271991. Refer to the Form Tools website or community forums for updates; note that the vendor did not respond to the disclosure, so fix information may appear in the project's release notes rather than in a dedicated advisory.