CVE-2024-58136 Scanner

CVE-2024-58136 Scanner - Remote Code Execution vulnerability in Yii2 PHP Framework

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 9 days 17 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The Yii2 PHP Framework is a popular open-source framework for developing web applications with PHP. It is widely adopted by developers looking for a high-performance PHP framework that supports rapid development. Designed to streamline complex tasks in extensive web applications, it offers powerful tools for building full-featured websites. Often used by businesses from startups to large enterprises, Yii2 is preferred for its sophisticated caching, testing, and debugging capabilities. However, like any widely used software, it requires continuous updates and security patches to keep its components secure from emerging threats.

The vulnerability affects the Yii2 PHP Framework before version 2.0.52 and allows remote code execution. It poses a significant risk because attackers can exploit the improper validation of the __class key in JSON behaviors. By manipulating this functionality, an attacker may instantiate arbitrary PHP classes, leading to the execution of unauthorized code. This type of vulnerability undermines application security and can lead to severe breaches.

Technically, this vulnerability stems from insufficient input validation in specific JSON behaviors within the framework. The root cause is that the "__class" key can be used to control class instantiation without proper security checks. Furthermore, when functions like "system" are used within such unauthorized contexts, malicious actors can execute commands remotely. Vulnerabilities of this kind typically occur when code fails to enforce strict type and input validation, which lets hostile input reach code it should never influence.

If exploited, this vulnerability can lead to unauthorized execution of code, potentially resulting in full system compromise. An attacker could execute arbitrary commands on the server, modify data, or pivot to deeper parts of the network. This could result in data breaches, service disruptions, or complete system control by malicious entities, severely impacting the integrity, availability, and confidentiality of the affected application.
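The two facts above that an asset owner can check directly are the affected version range (before 2.0.52) and the presence of a "__class" key in JSON input. The following is an added example, not code from this page or from the Yii project: it classifies the yiisoft/yii2 entry in a composer.lock file and reports where a "__class" key appears in a JSON request body. The sample inputs, the placeholder class name and all function names are constructed for illustration.

```python
import json
import re

FIXED = (2, 0, 52)  # per the page: versions before 2.0.52 are affected

# Constructed sample inputs (not taken from the page or from real traffic).
SAMPLE_LOCK = '{"packages": [{"name": "yiisoft/yii2", "version": "2.0.49.3"}]}'
SAMPLE_BODIES = [
    '{"name": "alice", "page": 2}',
    '{"filter": [{"id": 1}, {"__class": "PLACEHOLDER_CLASS"}]}',
]

def parse_version(text):
    """Return a numeric tuple for '2.0.49' or 'v2.0.49.3'; None for 'dev-master'."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def yii2_status(lock_text):
    """Classify the yiisoft/yii2 entry of a composer.lock document."""
    lock = json.loads(lock_text)
    for pkg in (lock.get("packages") or []) + (lock.get("packages-dev") or []):
        if pkg.get("name") == "yiisoft/yii2":
            ver = parse_version(str(pkg.get("version", "")))
            if ver is None:
                return "unknown"  # branch alias such as dev-master: check by hand
            return "affected" if ver < FIXED else "fixed"
    return "absent"

def class_key_paths(node, path="$"):
    """Yield the JSON path of every '__class' key, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "__class":
                yield f"{path}.{key}"
            yield from class_key_paths(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from class_key_paths(item, f"{path}[{i}]")

def flag_body(body):
    """Return the paths of '__class' keys in a request body; [] if it is not JSON."""
    try:
        return list(class_key_paths(json.loads(body)))
    except (ValueError, RecursionError):
        return []

if __name__ == "__main__":
    print(yii2_status(SAMPLE_LOCK), [flag_body(b) for b in SAMPLE_BODIES])
```

A flagged body is a signal to review, not proof of exploitation; the version check is the authoritative one, and upgrading past the affected range is the fix.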
