Recently, a critical vulnerability was discovered in version 2.1.2 of Ctcms, a content management system. It affects unspecified code in the file ctcms/apps/controllers/admin/Upsys.php and allows attackers to perform unrestricted file uploads. The attack can be initiated remotely, although the complexity of launching a successful attack is relatively high. The vulnerability has been assigned the identifier VDB-254860, and the exploit has been made public, potentially putting many websites at risk.

Details

The vulnerability lies in the code of the ctcms/apps/controllers/admin/Upsys.php file. Attackers can exploit it to upload malicious files without any restrictions. However, exploitation appears to be difficult due to its complexity.

Code Snippet

To better understand the vulnerability, we can take a look at the following PHP code snippet from the affected file (ctcms/apps/controllers/admin/Upsys.php):

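function do_upload()
{
  // Settings handed to the upload library
  $config['upload_path'] = './uploads/';      // destination directory
  $config['allowed_types'] = 'gif|jpg|png';   // permitted file types
  $config['max_size'] = '100';                // maximum file size
  $config['max_width'] = '1024';              // maximum image width
  $config['max_height'] = '768';              // maximum image height

  $this->load->library('upload', $config);

  // Note: no login or permission check precedes the upload call
  if (!$this->upload->do_upload())
  {
    // Upload rejected: show the form again with the library's error text
    $error = array('error' => $this->upload->display_errors());
    $this->load->view('admin/upload_form', $error);
  }
  else
  {
    // Upload accepted: pass the stored file's details to the success view
    $data = array('upload_data' => $this->upload->data());
    $this->load->view('admin/upload_success', $data);
  }
}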

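This code appears to handle the file-upload feature within the Ctcms application. However, as we can see, the function performs no authentication or authorization check before it processes the upload, so nothing in it prevents unauthorized users from taking advantage of this feature. Its only limits are the type, size and dimension settings in $config.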
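For comparison with the snippet above, here is a hardened upload path as an added example. It is not Ctcms code and not a vendor fix; store_admin_image(), $isAdmin, $storageDir and $viaHttp are hypothetical names, and the sample inputs are constructed. It assumes PHP's fileinfo extension and reads the snippet's max_size of 100 as kilobytes, the unit CodeIgniter's upload library uses.

```php
<?php
// Added example, not Ctcms code. store_admin_image(), $isAdmin and
// $storageDir are hypothetical names; the sample inputs are constructed.
const ALLOWED_IMAGES = [ // MIME type sniffed from content => extension we assign
    'image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png',
];
function store_admin_image(bool $isAdmin, string $tmpPath, string $storageDir, bool $viaHttp = true): string
{
    // 1. Authorize first: the snippet above never checks who is calling.
    if (!$isAdmin) {
        throw new RuntimeException('admin session required');
    }
    // 2. In a web request, accept only files PHP itself received via POST.
    if ($viaHttp && !is_uploaded_file($tmpPath)) {
        throw new RuntimeException('not an HTTP upload');
    }
    // 3. Decide the type from the bytes, never from the client's file name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!isset(ALLOWED_IMAGES[$mime])) {
        throw new RuntimeException("rejected content type: $mime");
    }
    // 4. Same limits as the snippet (100 KB, 1024x768); must parse as an image.
    $size = @getimagesize($tmpPath);
    if (filesize($tmpPath) > 100 * 1024 || $size === false || $size[0] > 1024 || $size[1] > 768) {
        throw new RuntimeException('not a valid image within the size limits');
    }
    // 5. Random server-chosen name; keep $storageDir outside the web root.
    $dest = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGES[$mime];
    $ok = $viaHttp ? move_uploaded_file($tmpPath, $dest) : copy($tmpPath, $dest);
    if (!$ok) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

// CLI demo with constructed inputs ($viaHttp = false because nothing was POSTed).
$samples = [
    'gif'    => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'), // 1x1 GIF
    'script' => "<?php echo 'not an image';\n", // script text posing as an image
];
foreach ($samples as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        echo "$label: stored as ", store_admin_image(true, $tmp, sys_get_temp_dir(), false), "\n";
    } catch (RuntimeException $e) {
        echo "$label: ", $e->getMessage(), "\n";
    }
}
```

Run from the command line, the GIF sample is stored under a random name and the script sample is rejected at the content-type check; passing false for $isAdmin rejects both before the file is read.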

Exploit Details

Since the exploit has been released to the public, attackers could potentially use it to compromise websites running Ctcms 2.1.2. Due to the complexity involved in exploiting this vulnerability, attackers would need an in-depth understanding of the affected system to execute a successful attack.

However, the exploit's details have not been disclosed, keeping the information hidden from the majority of potential attackers.

References

- Ctcms official website: http://www.ctcms.cc/
- Vulnerability report in the CVE database: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1925
- Vulnerability report in the VDB database: http://www.v-db.com/254860

Conclusion

The CVE-2024-1925 vulnerability in Ctcms 2.1.2 is a critical issue that enables remote attackers to perform unrestricted file uploads. While exploiting the vulnerability may be difficult, it is strongly recommended that website administrators running Ctcms 2.1.2 take action to patch their systems. As new exploits can emerge, staying up to date with the latest security patches is the best way to protect your website.

Timeline

Published on: 02/27/2024 17:15:11 UTC
Last modified on: 02/29/2024 01:43:57 UTC