Cyber Posture

CVE-2024-54724

Critical

Published: 09 January 2025

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0034 (57.0th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.

Security Summary

CVE-2024-54724 is a critical code execution vulnerability in PHPYun versions prior to 7.0.2, stemming from a backdoor that enables restricted arbitrary file writing combined with file inclusion. Classified under CWE-94 (Code Injection), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), highlighting its potential for severe impact due to network accessibility, low attack complexity, and no prerequisites for privileges or user interaction.

Remote, unauthenticated attackers can exploit this vulnerability over the network to achieve arbitrary code execution on the target system. By leveraging the backdoor's file writing and inclusion mechanisms, a successful attack has a high impact on confidentiality, integrity, and availability, potentially leading to full system compromise.

Advisories recommend upgrading to PHPYun 7.0.2 or later to mitigate the issue. Further details are provided in references at http://phpyun.com and https://github.com/la12138la/detail/blob/main/1.md.

Details

CWE(s)
CWE-94

References