PoC Week 2024-09-02
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2024-7954
- Severity: 9.8 CRITICAL
- Impacted Products: porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16
- Description: Arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-7954
- PoC: https://github.com/bigb0x/CVE-2024-7954/
CVE-2024-5932
- Severity: 10 CRITICAL
- Impacted Products: GiveWP WordPress plugin <= 3.14.1
- Description: PHP Object Injection via deserialization of untrusted input from the ‘give_title’ parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-5932
- PoC: https://github.com/EQSTLab/CVE-2024-5932/
CVE-2024-4577
- Severity: 9.8 CRITICAL
- Impacted Products: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages.
- Description: Windows may use “Best-Fit” behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-4577
- PoC: https://github.com/watchtowrlabs/CVE-2024-4577/
CVE-2024-45169
- Severity: Awaiting analysis
- Impacted Products: UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12.
- Description: Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution via the \xB0\x00\x3c byte sequence.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-45169
- PoC: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-052.txt
CVE-2024-45167
- Severity: Awaiting analysis
- Impacted Products: UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12.
- Description: Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a memory buffer, IDOL2 is vulnerable to Denial-of-Service (DoS) attacks and possibly remote code execution. A certain XmlMessage document causes 100% CPU consumption.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-45167
- PoC: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-051.txt
CVE-2024-42559
- Severity: 9.8 CRITICAL
- Impacted Products: Hotel Management System commit 79d688.
- Description: An issue in the login component (process_login.php) of Hotel Management System commit 79d688 allows attackers to authenticate without providing a valid password.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-42559
- PoC: https://gist.github.com/topsky979/99d2ebf7b5598ef227262ba1b2bb392f
CVE-2024-40453
- Severity: 9.8 CRITICAL
- Impacted Products: squirrellyjs squirrelly v9.0.0.
- Description: Code injection vulnerability via the component options.varName.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-40453
- PoC: https://samuzora.com/posts/cve-2024-40453/
CVE-2024-38856
- Severity: 9.8 CRITICAL
- Impacted Products: Apache OFBiz: through 18.12.14.
- Description: Unauthenticated endpoints could allow execution of screen rendering code of screens if some preconditions are met (such as when the screen definitions don’t explicitly check user’s permissions because they rely on the configuration of their endpoints).
- Remediation: Users are recommended to upgrade to version 18.12.15, which fixes the issue.
- More Info: CVE-2024-38856
- PoC: https://github.com/Praison001/CVE-2024-38856-ApacheOfBiz/
CVE-2024-38063
- Severity: 9.8 CRITICAL
- Impacted Products: Various Windows products before recent updates.
- Description: Windows TCP/IP Remote Code Execution Vulnerability. (Looks like more of a theoretical vuln, reliable PoCs don’t seem to be available and Microsoft’s temporal score for exploit code maturity is currently at ‘Unproven’ - Ed)
- Remediation: Check the Microsoft update guide here
- More Info: CVE-2024-38063
- PoC: https://github.com/haroonawanofficial/CVE-2024-38063-Research-Tool/
CVE-2024-28000
- Severity: 9.8 CRITICAL
- Impacted Products: LiteSpeed Cache: from 1.9 through 6.3.0.1.
- Description: Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.
- Remediation: Follow developer guidance.
- More Info: CVE-2024-28000
- PoC: https://github.com/Alucard0x1/CVE-2024-28000/
References
This list was scraped from the quite amazing and highly recommended newsletters below:
Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.