Platform
php
Component
ibwebadmin
Fixed in
1.0.1
1.0.2
1.0.3
CVE-2024-11240 is a problematic cross-site scripting (XSS) vulnerability affecting IBPhoenix ibWebAdmin versions 1.0.0 through 1.0.2. This vulnerability allows attackers to inject malicious scripts into the application, potentially compromising user data and system integrity. A fix is available in version 1.0.3, and the vulnerability has been publicly disclosed.
The XSS vulnerability in ibWebAdmin allows an attacker to inject arbitrary JavaScript code into the application's web pages. This can be exploited to steal user cookies, redirect users to malicious websites, or deface the application. Successful exploitation requires an attacker to manipulate the 'dbloginrole' parameter within the /database.php file. Given the publicly disclosed nature of this vulnerability, it presents a significant risk, especially for systems that haven't been patched. The impact could range from minor annoyance for users to complete compromise of the web application and its underlying database.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. While the CVSS score is LOW, the ease of exploitation and the potential impact warrant immediate attention. No known active campaigns targeting this specific vulnerability have been reported, but the public availability of the disclosure means attackers are likely aware of it. The vulnerability was disclosed on 2024-11-15.
Organizations using IBPhoenix ibWebAdmin for database administration, particularly those relying on the web interface for management tasks, are at risk. Shared hosting environments where multiple users share the same ibWebAdmin instance are especially vulnerable, as an attacker could potentially compromise other users' accounts.
• php / web: Examine access logs for requests to /database.php with unusual or suspicious values in the 'dbloginrole' parameter. Use grep to search for patterns indicative of XSS payloads within these requests; the query string is logged as received, so match the percent-encoded form of the payload as well as the literal one:
grep -iE 'database\.php\?[^ ]*db_login_role=[^ ]*(<script|%3Cscript)' /var/log/apache2/access.log
• generic web: Use curl to test the /database.php endpoint with a simple XSS payload to confirm vulnerability.
curl 'http://<target>/database.php?db_login_role=<script>alert("XSS")</script>'
• generic web: Check the response headers for a Content-Security-Policy; a missing or overly permissive policy leaves reflected script executable in the browser.
• php: Review the source code of /database.php for inadequate input validation on the 'dbloginrole' parameter.
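A single grep only catches the literal payload string. Because Apache records the request line as received, an injected value normally appears percent-encoded, and the advisory itself spells the parameter two ways. The following PHP script is an added example, not part of the advisory or of ibWebAdmin; it decodes the query string before inspecting it and checks both parameter spellings. The log lines are constructed for the example, and the markup heuristic is an assumption about what a legitimate role name never contains.

```php
<?php
// Added example (not part of the advisory or of ibWebAdmin): scan Apache
// combined-format access-log lines for requests to /database.php whose role
// parameter carries HTML markup. Sample log lines below are constructed.

declare(strict_types=1);

// Both spellings that appear in the advisory text are checked.
const PARAM_NAMES = ['dbloginrole', 'db_login_role'];

// Returns the suspicious parameter value, or null if the line is clean.
// The value is decoded before inspection because the log stores the request
// line as received, so a payload usually shows up as %3Cscript%3E.
function inspectLogLine(string $line): ?string
{
    // Combined log format: ip - user [time] "METHOD target HTTP/x" status ...
    if (!preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $line, $m)) {
        return null;
    }
    $url = parse_url($m[1]);
    if (!isset($url['path']) || $url['path'] !== '/database.php' || empty($url['query'])) {
        return null;
    }
    parse_str($url['query'], $params); // parse_str() percent-decodes the values
    foreach (PARAM_NAMES as $name) {
        if (!isset($params[$name]) || !is_string($params[$name])) {
            continue;
        }
        $value = $params[$name];
        // Heuristic (assumption): a role name never contains tag delimiters,
        // quotes, or an "on...=" event-handler fragment.
        if (preg_match('/[<>"\']|\bon\w+\s*=/i', $value)) {
            return $value;
        }
    }
    return null;
}

// Constructed sample lines: one benign login, one carrying the payload quoted
// in the advisory (percent-encoded, as a client would send it), one unrelated page.
$sampleLog = [
    '10.0.0.5 - - [15/Nov/2024:10:00:01 +0000] "GET /database.php?dbloginrole=RDB%24ADMIN HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [15/Nov/2024:10:00:07 +0000] "GET /database.php?db_login_role=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "curl/8.4.0"',
    '10.0.0.9 - - [15/Nov/2024:10:00:09 +0000] "GET /index.php?page=%3Cscript%3E HTTP/1.1" 200 300 "-" "curl/8.4.0"',
];

foreach ($sampleLog as $line) {
    $hit = inspectLogLine($line);
    if ($hit !== null) {
        echo "suspicious role value: " . $hit . PHP_EOL;
        echo "  in: " . $line . PHP_EOL;
    }
}
```

Run it with `php scan.php`; only the second constructed line is reported. To use it on a real log, replace the `$sampleLog` array with a loop over `fopen('/var/log/apache2/access.log', 'r')` and `fgets()`. Note that POST bodies are not in the access log, so a payload submitted through the form rather than the query string will not be visible here.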
disclosure
Exploit status
EPSS
0.09% (25th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-11240 is to upgrade ibWebAdmin to version 1.0.3 or later, which contains the fix. If upgrading immediately is not possible, consider implementing temporary workarounds. Input validation on the 'dbloginrole' parameter in /database.php can help prevent malicious input. Web application firewalls (WAFs) configured to detect and block XSS payloads targeting this specific file and parameter can also provide a layer of protection. Monitor access logs for suspicious requests targeting /database.php with unusual 'dbloginrole' values.
Upgrade ibWebAdmin to a version later than 1.0.2, if available, to correct the XSS vulnerability. If no update is available, consider disabling or removing the Banco de Dados Tab component until a fix is published. As a temporary measure, implement server-side validation and sanitization of input for the db_login_role parameter.
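The advisory recommends server-side validation and sanitization of the role parameter as a stopgap. As an added example (not ibWebAdmin's own code), the following PHP contrasts the vulnerable pattern of echoing the parameter straight into the page with a hardened version that validates the value against an identifier grammar and HTML-encodes it on output. The field name, the form markup, the identifier rules and the length cap are assumptions for illustration.

```php
<?php
// Added example (not ibWebAdmin code): vulnerable versus hardened handling of
// a role parameter that a page such as database.php reflects into its HTML.
// Field name, markup and identifier rules are assumptions for illustration.

declare(strict_types=1);

// Vulnerable pattern: the request value is written into the page unchanged,
// so any markup in it becomes part of the document and is executed.
function renderRoleFieldVulnerable(array $request): string
{
    $role = $request['dbloginrole'] ?? '';
    return '<input type="text" name="dbloginrole" value="' . $role . '">';
}

// Hardened pattern, two independent layers:
//  1. Validate: accept only what looks like an SQL role identifier (letter,
//     then letters, digits, underscore or dollar; length cap assumed to be
//     63). Anything else is dropped rather than echoed back.
//  2. Encode: the emitted value always passes through htmlspecialchars() with
//     ENT_QUOTES, so even a value that slips past validation cannot close the
//     attribute or open a tag.
function validateRole(string $value): string
{
    // Assumption: role names follow the SQL identifier grammar.
    if (preg_match('/^[A-Za-z][A-Za-z0-9_$]{0,62}$/', $value) === 1) {
        return $value;
    }
    return '';
}

function renderRoleFieldHardened(array $request): string
{
    $role = validateRole((string) ($request['dbloginrole'] ?? ''));
    $safe = htmlspecialchars($role, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="dbloginrole" value="' . $safe . '">';
}

// Constructed sample requests: a legitimate role name and the payload quoted
// in the advisory's own detection step.
$samples = [
    ['dbloginrole' => 'RDB$ADMIN'],
    ['dbloginrole' => '<script>alert("XSS")</script>'],
];

foreach ($samples as $req) {
    echo "vulnerable: " . renderRoleFieldVulnerable($req) . PHP_EOL;
    echo "hardened:   " . renderRoleFieldHardened($req) . PHP_EOL;
}
```

Run it with `php example.php`. For the second sample the vulnerable renderer emits the script element inside the form, while the hardened renderer emits an empty `value=""` because the input fails validation; if validation were loosened, the `htmlspecialchars()` call would still turn `<` and `"` into entities. Keeping both layers matters because validation rules tend to be relaxed over time, whereas output encoding is what actually prevents the browser from interpreting the value as markup.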
CVE-2024-11240 is a cross-site scripting (XSS) vulnerability in IBPhoenix ibWebAdmin versions 1.0.0–1.0.2, allowing attackers to inject malicious scripts.
You are affected if you are using IBPhoenix ibWebAdmin versions 1.0.0 through 1.0.2 and have not upgraded.
Upgrade to version 1.0.3 or later to remediate the vulnerability. Implement input validation as a temporary workaround.
While no active campaigns are confirmed, the vulnerability is publicly disclosed, increasing the risk of exploitation.
Refer to the IBPhoenix website or security mailing lists for the official advisory regarding CVE-2024-11240.