Platform: php
Component: quick-cms
Fixed in: 6.7.1
CVE-2024-11992 describes a critical path traversal vulnerability affecting Quick.CMS version 6.7 (the affected range is listed as 6.7 through 6.7). This flaw allows unauthorized remote users to bypass intended access controls and potentially download or delete sensitive files on the server. The vulnerability stems from insufficient input validation in the admin.php page, specifically of the aDirFiles[0] parameter. A patched release, version 6.7.1, has been published to address this issue.
The impact of CVE-2024-11992 is significant due to the potential for complete data compromise. An attacker exploiting this vulnerability can leverage the path traversal to read arbitrary files from the server, including configuration files, database credentials, and source code. Furthermore, the vulnerability allows for file deletion, potentially disrupting the entire application and leading to denial of service. Successful exploitation requires no authentication, making it a high-priority risk. This vulnerability shares similarities with other path traversal exploits where attackers manipulate file paths to access unauthorized resources.
CVE-2024-11992 was publicly disclosed on November 29, 2024. The vulnerability's critical severity and ease of exploitation suggest a potential for active exploitation. Currently, there are no known public exploits, but the lack of authentication required makes it a prime target. Monitor security advisories and threat intelligence feeds for any indications of exploitation campaigns. This CVE has not yet been added to the CISA KEV catalog.
Organizations using Quick.CMS version 6.7 are at immediate risk. This includes websites and applications hosted on shared hosting environments where the server configuration might allow for broader file access. Those with sensitive data stored on the server, such as user credentials or financial information, are particularly vulnerable.
• generic web: Use curl to test for path traversal vulnerabilities by appending ../ sequences to the aDirFiles[0] parameter in the admin.php page.
  curl 'http://your-quickcms-server/admin.php?aDirFiles%5B0%5D=../../../../etc/passwd'
• linux / server: Monitor access logs (e.g., /var/log/apache2/access.log) for requests containing ../ sequences in the aDirFiles[0] parameter.
  grep 'aDirFiles%5B0%5D=../' /var/log/apache2/access.log
• generic web: Check responses for unexpected file content or server errors indicating unauthorized file access.
• generic web: Use a vulnerability scanner to automatically detect path traversal vulnerabilities in the application.
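As an added example (not part of the original page), a small Python log check that implements the monitoring step above more robustly than the grep: it parses Apache combined-format lines, URL-decodes the aDirFiles[0] parameter, and flags any value containing a ".." path segment, so encoded variants such as %2e%2e%2f and backslash separators are caught too. The log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [29/Nov/2024:10:01:02 +0000] "GET /admin.php?p=files&aDirFiles%5B0%5D=../../../../etc/passwd HTTP/1.1" 200 1834 "-" "curl/8.4.0"
198.51.100.7 - - [29/Nov/2024:10:02:15 +0000] "GET /admin.php?aDirFiles%5B0%5D=images%2Flogo.png HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [29/Nov/2024:10:03:40 +0000] "GET /admin.php?aDirFiles%5B0%5D=%2e%2e%2f%2e%2e%2fconfig.php HTTP/1.1" 200 944 "-" "curl/8.4.0"
192.0.2.9 - - [29/Nov/2024:10:04:01 +0000] "GET /index.php?p=home HTTP/1.1" 200 7112 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status code of a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def has_traversal(value: str) -> bool:
    """True if any '/'- or '\\'-separated segment of the decoded value is '..'."""
    decoded = unquote(value)  # second decode pass catches double-encoded input
    return any(seg == ".." for seg in re.split(r"[\\/]", decoded))


def find_traversal_attempts(log_text: str) -> list:
    """Return one record per admin.php request whose aDirFiles[0] value traverses upward."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        url = urlsplit(m.group("target"))
        if url.path != "/admin.php":
            continue
        # parse_qs decodes both keys ('aDirFiles%5B0%5D' -> 'aDirFiles[0]') and values once.
        params = parse_qs(url.query, keep_blank_values=True)
        for raw in params.get("aDirFiles[0]", []):
            if has_traversal(raw):
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "value": unquote(raw),
                    "status": int(m.group("status")),
                })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} aDirFiles[0]={hit['value']!r}")
```

A 200 status on a flagged request is the signal to investigate; a 403 from a WAF rule on the same pattern confirms the workaround is taking effect.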
disclosure
Exploit status
EPSS: 0.15% (percentile 36%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-11992 is to immediately upgrade Quick.CMS to version 6.7.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the admin.php page using a Web Application Firewall (WAF) or proxy server, blocking requests with suspicious characters in the aDirFiles[0] parameter. Carefully review and restrict file permissions on the server to minimize the impact of potential file deletion. Monitor access logs for unusual file access patterns that might indicate exploitation attempts. After upgrading, verify the fix by attempting to access files outside the intended document root via the admin.php page – access should be denied.
Update Quick.CMS to a patched version that fixes the path traversal vulnerability. Check the vendor's website for the latest version and update instructions. If no patched version is available, consider disabling or removing the affected component until a fix is released.
CVE-2024-11992 is a critical path traversal vulnerability in Quick.CMS versions 6.7–6.7, allowing attackers to access or delete files outside the intended directory.
Yes, if you are running Quick.CMS version 6.7, you are vulnerable. Upgrade to version 6.7.1 or later to mitigate the risk.
Upgrade Quick.CMS to version 6.7.1 or later. As a temporary workaround, restrict access to the admin.php page using a WAF or proxy.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a potential for active exploitation. Monitoring is advised.
Refer to the Quick.CMS official website or security advisories for the latest information and updates regarding CVE-2024-11992.