CVE-2024-0352 in Likeshop
Summary
by MITRE • 01/10/2024
A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120.
Analysis
by VulDB Data Team • 01/26/2024
The vulnerability identified as CVE-2024-0352 is a critical security flaw in the Likeshop e-commerce platform affecting versions up to 2.5.7.20210311. The weakness resides in the FileServer::userFormImage function in the file server/application/api/controller/File.php, within the HTTP POST Request Handler component. It stems from inadequate input validation and sanitization that fail to properly restrict file uploads, creating a path for malicious actors to bypass security controls.
The technical exploitation of this vulnerability occurs through manipulation of the file argument in HTTP POST requests, which allows attackers to upload arbitrary files to the affected system without proper authorization or validation. This unrestricted upload capability enables attackers to potentially deploy malicious code, web shells, or other harmful payloads on the target server. The vulnerability's remote exploitability means that attackers can leverage this flaw from external networks without requiring physical access to the system, significantly expanding the attack surface and potential impact.
From an operational standpoint, this vulnerability presents severe consequences for organizations using affected Likeshop versions, as it could lead to complete system compromise, data breaches, and unauthorized access to sensitive customer information. The disclosure of exploitation methods and the public availability of the vulnerability further amplifies the risk, as threat actors can readily implement attacks against unpatched systems. The potential for persistent malicious presence on the server through uploaded files creates long-term security implications that extend beyond the initial exploitation phase.
Organizations should immediately apply mitigations: patch to the latest stable version of Likeshop, enforce strict file type validation and content verification, and deploy web application firewalls to monitor and block suspicious upload activity. The vulnerability aligns with CWE-434, which describes insecure file upload vulnerabilities, and is a significant concern under the initial access and persistence tactics of the ATT&CK framework. Additional protective measures include restricting upload permissions, inspecting the content of uploaded files, and comprehensively monitoring file upload activity to detect anomalous behavior. Regular security assessments and vulnerability scanning should be conducted to identify similar weaknesses in other components of the application stack.
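The file type validation and content verification recommended above can be sketched as follows. This is an added example, not Likeshop's code or its patch; the function name validate_image_upload, the allowlist, and the 2 MiB size limit are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not Likeshop code; all names here are hypothetical.
// Allowlist: MIME type sniffed from the bytes => extension the server assigns.
const ALLOWED_IMAGE_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // assumed size limit

/** Returns a server-generated file name for an accepted image, or null to reject. */
function validate_image_upload(string $tmpPath, string $clientName): ?string
{
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_UPLOAD_BYTES) {
        return null;
    }
    // 1. Content verification: take the type from the file bytes, not from the request.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $ext = is_string($mime) ? (ALLOWED_IMAGE_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        return null;
    }
    // 2. File type validation: the client-supplied extension must be an image one.
    $clientExt = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($clientExt, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        return null;
    }
    // 3. The header must parse as an image of the same type.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    // 4. Never reuse the client's name or extension for the stored file.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a 1x1 GIF and a text file that starts with a PHP open tag.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$txt = '<?php // constructed sample, not an image';
$cases = [['avatar.gif', $gif], ['avatar.php', $gif], ['avatar.gif', $txt], ['avatar.php', $txt]];
foreach ($cases as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    printf("%-10s (%2d bytes) => %s\n", $name, strlen($bytes), validate_image_upload($tmp, $name) ?? 'rejected');
    unlink($tmp);
}
```

In a request handler the temporary path would come from $_FILES and the accepted file would be stored with move_uploaded_file() under the returned name. Because a file can parse as an image and still carry script text, the server-chosen extension and an upload directory in which the web server executes nothing remain necessary alongside these checks.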