Platform
php
Component
mirage
Fixed in
3.1.2
A code injection vulnerability has been identified in Form Tools version 3.1.1. This issue resides within the Setting Handler component, specifically the /admin/settings/index.php?page=accounts file. Attackers can exploit this vulnerability by manipulating the 'Page Theme' argument, potentially leading to unauthorized code execution. The vulnerability has been publicly disclosed and a fix is available in version 3.1.2.
Successful exploitation of CVE-2024-6936 allows an attacker to inject and execute arbitrary code on the server hosting Form Tools. This could lead to complete system compromise, including data theft, modification, or deletion. The attacker could potentially gain administrative access to the Form Tools installation and any associated databases. Given the web-based nature of Form Tools, this vulnerability could also be leveraged for lateral movement within the network if the server has access to other internal resources. The impact is amplified if Form Tools is used to handle sensitive user data, as this data could be exposed or manipulated.
This vulnerability was publicly disclosed on 2024-07-21. The vulnerability identifier is VDB-271991. The vendor was contacted but did not respond. No public proof-of-concept (PoC) code has been widely reported, but the disclosure indicates the vulnerability is exploitable. The low CVSS score suggests the exploit may require specific conditions or user interaction.
Organizations using Form Tools 3.1.1 are at risk, particularly those hosting the application on publicly accessible servers or shared hosting environments. Those using Form Tools to collect and store sensitive user data are at higher risk due to the potential for data compromise.
• php: Examine web server access logs for requests to /admin/settings/index.php?page=accounts with unusual or malformed 'Page Theme' parameters. Use grep to search for patterns indicative of code injection attempts. Note that the space in the parameter name appears URL-encoded in the log (Page%20Theme or Page+Theme), so the pattern must allow for both forms:

grep -E 'Page(%20|\+)Theme=[^a-zA-Z0-9_]' /var/log/apache2/access.log

• generic web: Use curl to test the /admin/settings/index.php?page=accounts endpoint with various payloads in the 'Page Theme' parameter and observe the server's response for signs of code execution:

curl -v 'http://your-formtools-server/admin/settings/index.php?page=accounts&Page%20Theme=<script>alert("XSS")</script>'

Disclosure
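The log check described above, carried through as an added example that is not part of the advisory or of the Form Tools project: it parses combined-format access log lines, decodes the query string so the parameter matches whether the space was sent as %20 or +, and flags 'Page Theme' values outside an assumed allow-list of theme names. The sample log lines and the allow-list are constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined-format access log line; only IP, timestamp, target and status are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

VULN_PATH = "/admin/settings/index.php"
# Assumed allow-list for a theme name (letters, digits, underscore, hyphen);
# the advisory does not document the exact set of valid Form Tools theme ids.
THEME_OK = re.compile(r"^[A-Za-z0-9_-]+$")

def suspicious_theme_requests(lines):
    """Return requests to the settings handler whose 'Page Theme' value
    contains characters outside the theme-name allow-list."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != VULN_PATH:
            continue
        # parse_qs percent-decodes names and values, so 'Page%20Theme' and
        # 'Page+Theme' both match; a raw grep on 'Page Theme=' would miss them.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("Page Theme", []):
            if not THEME_OK.match(value):
                hits.append({
                    "ip": m.group("ip"),
                    "time": m.group("ts"),
                    "page": params.get("page", [""])[0],
                    "theme": value,
                    "status": m.group("status"),
                })
    return hits

# Constructed sample log lines: one benign request, two with non-alphanumeric
# theme values (the second reuses the advisory's own curl test payload, encoded).
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Jul/2024:10:00:01 +0000] "GET /admin/settings/index.php?page=accounts&Page+Theme=default HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [21/Jul/2024:10:00:07 +0000] "GET /admin/settings/index.php?page=accounts&Page%20Theme=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.9 - - [21/Jul/2024:10:00:09 +0000] "GET /admin/settings/index.php?page=main&Page%20Theme=x%3B HTTP/1.1" 200 128 "-" "curl/8.0"',
    '10.0.0.12 - - [21/Jul/2024:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]
```

Only GET parameters reach the access log; form fields sent by POST need a WAF or application log to apply the same check.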
Exploit status
EPSS
0.11% (29th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-6936 is to upgrade Form Tools to version 3.1.2 or later, which contains the fix. If an immediate upgrade is not possible, consider implementing temporary workarounds such as restricting access to the /admin/settings/index.php?page=accounts endpoint to trusted users only. Web Application Firewalls (WAFs) can be configured to filter requests containing suspicious input in the 'Page Theme' parameter. Thoroughly review and sanitize all user input before processing it within the Form Tools application.
Update Form Tools to a version later than 3.1.1, if available, in which the code injection vulnerability has been fixed. If no fixed version is available, consider disabling or removing the affected component until a fix is published. Monitor the vendor's security updates.
CVE-2024-6936 is a code injection vulnerability in Form Tools 3.1.1 affecting the Setting Handler. Attackers can inject code by manipulating the 'Page Theme' parameter, potentially leading to remote code execution.
Yes, if you are running Form Tools version 3.1.1, you are vulnerable to this code injection flaw. Upgrade to version 3.1.2 or later to mitigate the risk.
The recommended fix is to upgrade Form Tools to version 3.1.2 or later. As a temporary workaround, restrict access to the vulnerable endpoint and implement WAF rules.
While no widespread exploitation has been confirmed, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation. Monitor your systems for suspicious activity.
The vulnerability is documented in the VDB (Vulnerability Database) with identifier VDB-271991. Refer to the Form Tools website or community forums for updates.