CVE-2024-25738

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25738
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allow_url_include PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://vufind.org/wiki/security:cve-2024-25738
Configurations

No configuration.

History

22 Aug 2024, 20:35

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de Server-Side Request Forgery (SSRF) en la ruta /Upgrade/FixConfig en Open Library Foundation VuFind 2.0 hasta 9.1 anterior a 9.1.1 permite a un atacante remoto sobrescribir archivos de configuración locales para obtener acceso al panel de administrador y lograr la ejecución remota de código. Un factor atenuante es que requiere que esté activada la configuración de tiempo de ejecución de PHP enable_url_include, que está desactivada en las instalaciones predeterminadas. También requiere que se exponga la ruta /Upgrade, que se expone de forma predeterminada después de instalar VuFind, y se recomienda deshabilitarla configurando autoConfigure en false en config.ini.
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1
CWE CWE-918

22 May 2024, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-22 19:15

Updated : 2024-08-22 20:35

NVD link : CVE-2024-25738

Mitre link : CVE-2024-25738

CVE.ORG link : CVE-2024-25738

JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)