NetAlertX Unauthenticated Command Injection Vulnerability Leading to Remote Code Execution
Vulnerability
A command injection vulnerability allowing unauthenticated remote code execution has been identified in NetAlertX versions 23.01.14 through 24.x prior to 24.10.12. The issue arises in the settings update functionality, where the 'function=savesettings' parameter can be exploited without authentication. This vulnerability is related to the 'settings.php' and 'util.php' files.
Impact
Exploitation of this vulnerability allows for unauthenticated command injection, which can lead to remote code execution on the server where NetAlertX is running.
Reproduction
The vulnerability can be reproduced by sending a POST request to 'util.php' with the 'function=savesettings' parameter. This request can be made without any authentication, which allows the 'saveSettings()' function to be executed. The 'saveSettings()' function will then update the plugin command and reload the application, executing any plugins set to run at initialization, resulting in remote code execution.
Remediation
Users can update to NetAlertX version 24.10.12 or later, where this vulnerability has been patched.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.