9.1 CVE-2024-4990

Exploit

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unauthorized access.
https://nvd.nist.gov/vuln/detail/CVE-2024-4990

Categories

CWE-470 : Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
If the product uses external inputs to determine which class to instantiate or which method to invoke, then an attacker could supply values to select unexpected classes or methods. If this occurs, then the attacker could create control flow paths that were not intended by the developer. These paths could bypass authentication or access control checks, or otherwise cause the product to behave in an unexpected manner. This situation becomes a doomsday scenario if the attacker can upload files into a location that appears on the product's classpath (CWE-427) or add new entries to the product's classpath (CWE-426). Under either of these conditions, the attacker can use reflection to introduce new, malicious behavior into the product.

References

134c704f-9b21-4f2e-91b3-4a467353bcc0 Exploit

https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f Exploit

security@huntr.dev Exploit

https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f Exploit

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:yiiframework:yii:2.0.48:::::::*

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f
https://huntr.com/bounties/4fbdd965-02b6-42e4-b57b-f98f93415b8f

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
138	Reflection Injection An adversary supplies a value to the target application which is then used by reflection methods to identify a class, method, or field. For example, in the Java programming language the reflection libraries permit an application to inspect, load, and invoke classes and their components by name. If an adversary can control the input into these methods including the name of the class/method/field or the parameters passed to methods, they can cause the targeted application to invoke incorrect methods, read random fields, or even to load and utilize malicious classes that the adversary created. This can lead to the application revealing sensitive information, returning incorrect results, or even having the adversary take control of the targeted application.	Very High

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee