
Bludit CMS Vulnerabilities: CVE-2024-24554, CVE-2024-24553, CVE-2024-24552, CVE-2024-24551, and CVE-2024-24550


June 24, 2024

Bludit, a popular open source Content Management System (CMS) written in PHP, was found on June 24, 2024 to have many critical security vulnerabilities that pose a serious threat to the security of websites using this platform. These vulnerabilities, identified as CVE-2024-24554, CVE-2024-24553, CVE-2024-24552, CVE-2024-24551, and CVE-2024-24550, allow attackers to gain unauthorized access, execute arbitrary code, and compromise the integrity of Bludit-powered websites.

CVE-2024-24554: Insecure Token Generation

The most critical vulnerability, CVE-2024-24554, allows attackers to predict and generate sensitive tokens, such as the API token and user token, used by Bludit. This is due to Bludit's use of predictable methods in combination with the MD5 hashing algorithm to generate these tokens.

MD5 is a widely known weak hashing algorithm, and when combined with predictable methods, it becomes trivial for attackers to generate valid tokens. Once an attacker has a valid token, they can authenticate against the Bludit API and perform various malicious actions, such as retrieving sensitive information, modifying or deleting content, uploading malicious files, and executing arbitrary code on the server.

CVE-2024-24553: Insecure Password Hashing

Another critical vulnerability, CVE-2024-24553, is related to Bludit's use of the SHA-1 hashing algorithm to compute password hashes. SHA-1 is also known to be an insecure hashing algorithm, and attackers can easily determine cleartext passwords through brute-force attacks due to the inherent speed of SHA-1.

Additionally, the salt that is computed by Bludit is generated using a non-cryptographically secure function, further weakening the password hashing mechanism and making it easier for attackers to crack the passwords.

CVE-2024-24552: Session Fixation Vulnerability

Bludit is also affected by a session fixation vulnerability, identified as CVE-2024-24552. This vulnerability allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.

CVE-2024-24551 and CVE-2024-24550: Arbitrary Code Execution

Two other critical vulnerabilities, CVE-2024-24551 and CVE-2024-24550, allow attackers to execute arbitrary code on the Bludit server. These vulnerabilities arise from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.

CVE-2024-24551 affects the Image API, allowing authenticated attackers to execute arbitrary code, while CVE-2024-24550 affects the File API, allowing attackers with knowledge of the API token to upload arbitrary files and achieve arbitrary code execution.

Mitigating the Vulnerabilities

To mitigate these vulnerabilities, Bludit users should take the following actions:

Update to the latest version of Bludit as soon as a patch is available to address these vulnerabilities.

Implement additional security measures, such as rate-limiting API requests and monitoring for suspicious activity.

Consider using a more secure hashing algorithm and stronger token generation methods to protect sensitive information.
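As an added example (not Bludit's code or its patch), here is one way to apply the hashing and token recommendation in PHP: tokens drawn from `random_bytes()`, passwords stored with `password_hash()`, and a one-time upgrade of legacy SHA-1 records at login. The function names and the legacy layout `sha1(password . salt)` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the legacy layout sha1(password . salt) is an assumption.

/** Token from the OS CSPRNG: 32 random bytes, hex-encoded (64 characters). */
function newToken(): string
{
    return bin2hex(random_bytes(32));
}

/** Constant-time comparison, so response timing does not leak matching prefixes. */
function tokenMatches(string $stored, string $presented): bool
{
    return hash_equals($stored, $presented);
}

/** Slow, salted password hash; password_hash() generates the salt itself. */
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/**
 * Verify a login and return the hash to store afterwards, or null on failure.
 * A legacy record (assumed: 40 hex characters of sha1(password . salt)) is
 * accepted once and replaced, so the SHA-1 value can be dropped from storage.
 */
function verifyAndUpgrade(string $password, string $storedHash, string $legacySalt = ''): ?string
{
    if (preg_match('/^[0-9a-f]{40}$/', $storedHash) === 1) {
        $ok = hash_equals($storedHash, sha1($password . $legacySalt));
        return $ok ? hashPassword($password) : null;
    }
    if (!password_verify($password, $storedHash)) {
        return null;
    }
    // Re-hash when the default algorithm or cost has changed since storage.
    return password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? hashPassword($password)
        : $storedHash;
}

// Constructed sample data: one legacy record, one correct and one wrong login.
$legacy   = sha1('correct horse' . 'abc123');
$upgraded = verifyAndUpgrade('correct horse', $legacy, 'abc123');
var_dump($upgraded !== null && password_verify('correct horse', $upgraded));
var_dump(verifyAndUpgrade('wrong guess', $legacy, 'abc123'));
$token = newToken();
var_dump(strlen($token), tokenMatches($token, $token));
```

Existing API and user tokens issued under the old scheme stay predictable until they are reissued, so rotation has to accompany the change in generation method.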

It is crucial for Bludit users to stay informed about security vulnerabilities and take appropriate actions to protect their websites and data. Failure to address these issues could lead to serious security breaches and compromise the integrity of Bludit-powered websites.

Crow

physics, information technologies, author, educator
