CVE-2024-54724
Published: 09 January 2025
Summary
CVE-2024-54724 is a critical-severity Code Injection (CWE-94) vulnerability in PHPYun (product name inferred from the references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its exploit-likelihood ranking is the 43.8th percentile (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-7 (Software, Firmware, and Information Integrity).
Deeper analysis
CVE-2024-54724 is a critical code execution vulnerability in PHPYun versions prior to 7.0.2. It stems from a backdoor that allows restricted arbitrary file writing; combined with file inclusion, that write primitive becomes code execution. Classified under CWE-94 (Code Injection), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H): network-reachable, low attack complexity, and no privileges or user interaction required.
Remote, unauthenticated attackers can exploit it over the network to execute arbitrary code on the target. By writing a file through the backdoor and then causing the application to include it, an attacker obtains full control over confidentiality, integrity, and availability, potentially leading to complete system compromise.
Advisories recommend upgrading to PHPYun 7.0.2 or later. Because the flaw is a file-write primitive, an upgrade does not remove files an attacker has already written; after patching, compare the deployed web root against a known-good copy of the release and treat any added or modified PHP file as suspect. Further details are in the references at http://phpyun.com and https://github.com/la12138la/detail/blob/main/1.md.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52655
Vulnerability details
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
- CWE(s): CWE-94 (Code Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
Unauthenticated exploitation of the public-facing PHP application's backdoor yields direct RCE: the file-write primitive plus file inclusion enables web shell deployment.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the backdoor in PHPYun by applying the vendor fix or upgrading to version 7.0.2 or later, as the advisory recommends.
- SI-7 (Software, Firmware, and Information Integrity): monitors and verifies the integrity of application files so that unauthorized modifications made through the backdoor's arbitrary file write are detected and blocked.
- SI-10 (Information Input Validation): validates user input to block payloads that drive the backdoor's file inclusion and code injection.
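The integrity check that the SI-7 control above describes, together with the detection angle on the file-write plus file-inclusion chain from the analysis section, as an added example that is not part of this advisory and is not PHPYun's own code: a Python script that baselines a PHP web root, reports files that drifted from the baseline, and flags new or changed PHP files carrying dynamic include or eval constructs of the kind a dropped web shell uses. It also carries a small version comparison against the 7.0.2 fix threshold (the SI-2 check). The directory layout, file names and PHP snippets are constructed for the demonstration and do not reproduce the actual backdoor.

```python
"""
Added example (not from the advisory or from PHPYun): a file-integrity check for a
PHP web root, the SI-7 style control recommended against the arbitrary-file-write
+ file-inclusion pattern behind CVE-2024-54724.

  1. file_hashes(root)            -> {relative_path: sha256} from a known-good install
  2. diff_hashes(baseline, now)   -> added / modified / removed files
  3. scan(root, baseline)         -> findings; new or changed PHP files are also
                                      checked for web-shell / dynamic-include constructs
The web root, file names and PHP content in demo() are constructed for this demo.
"""
import hashlib
import re
import tempfile
from pathlib import Path

PATCHED_VERSION = (7, 0, 2)  # advisory: upgrade to PHPYun 7.0.2 or later


def version_tuple(v: str) -> tuple:
    """'7.0.2' -> (7, 0, 2); tolerant of prefixes such as 'v7.0.2'."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def is_patched(v: str) -> bool:
    """SI-2 check: True when the installed version is 7.0.2 or later."""
    return version_tuple(v) >= PATCHED_VERSION


def file_hashes(root: Path) -> dict:
    """SHA-256 of every regular file under root, keyed by POSIX-style relative path."""
    hashes = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            hashes[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return hashes


def diff_hashes(baseline: dict, current: dict) -> dict:
    """Classify drift between a known-good baseline and the current tree."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys() if baseline[k] != current[k]),
    }


# Heuristic signals for dropped PHP web shells or user-controlled inclusion.
# These are generic patterns, not a signature of the real PHPYun backdoor.
SHELL_PATTERNS = [
    re.compile(r"\b(eval|assert|system|passthru|shell_exec)\s*\(", re.I),
    re.compile(r"\b(include|require)(_once)?\s*\(?\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\(", re.I),  # $_GET['f']($arg)
]


def suspicious_php(content: str) -> bool:
    """True when the PHP source contains one of the heuristic web-shell constructs."""
    return any(p.search(content) for p in SHELL_PATTERNS)


def scan(root: Path, baseline: dict) -> list:
    """Return (relative_path, reason) for every file that drifted from the baseline."""
    current = file_hashes(root)
    d = diff_hashes(baseline, current)
    findings = []
    for rel in d["added"] + d["modified"]:
        reason = "added" if rel in d["added"] else "modified"
        if rel.endswith((".php", ".phtml", ".inc")):
            if suspicious_php((root / rel).read_text(errors="replace")):
                reason += ", contains web-shell/dynamic-include construct"
        findings.append((rel, reason))
    for rel in d["removed"]:
        findings.append((rel, "removed"))
    return findings


def demo() -> list:
    """Constructed web root: baseline it, simulate a write + include drop, then scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php require 'config.php'; echo 'ok';\n")
        (root / "config.php").write_text("<?php $db = 'localhost';\n")
        (root / "data" / "upload").mkdir(parents=True)
        (root / "data" / "upload" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n")
        baseline = file_hashes(root)  # in practice: hashes of the pristine release archive

        # Simulated post-exploitation state (constructed): a PHP file written into a
        # writable directory, and a shipped file altered to include attacker input.
        (root / "data" / "upload" / "cache.php").write_text("<?php @eval($_POST['c']);\n")
        (root / "index.php").write_text("<?php include $_GET['page']; require 'config.php';\n")
        return scan(root, baseline)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Take the baseline from a pristine copy of the release archive, not from the server under investigation, since a server that was already exposed may have been modified before the first hash run. The pattern list is a coarse triage signal: a hit on a newly added file under an upload or cache directory deserves a look, but the absence of a hit does not clear a drifted file.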