CVE-2024-46210
Published: 10 January 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2024-46210 is an arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS version 5.17.1. The flaw, associated with CWE-434 (Unrestricted Upload of File with Dangerous Type), enables attackers to execute arbitrary code by uploading a crafted file. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-10.
The vulnerability can be exploited over the network by attackers with high privileges, such as authenticated administrative users, requiring low complexity and no user interaction. Successful exploitation allows remote code execution, resulting in high impacts on confidentiality, integrity, and availability within the affected system's scope.
References include a GitHub Gist at https://gist.github.com/h4ckr4v3n/26eaa57d94f749b597ede8b404c234df and a research repository at https://github.com/h4ckr4v3n/research_redaxo_5_17_1.git. No specific mitigation or patch details from advisories are provided in the available information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Arbitrary file upload vulnerability in Redaxo CMS MediaPool enables exploitation of a public-facing web application (T1190) to upload crafted PHP files for remote code execution, equivalent to deploying web shells (T1100, T1505.003). Authenticated RCE via templates and cronjobs further facilitates server-side code execution.