CVE-2024-41304 identifies a vulnerability in WonderCMS version 3.4.3 within the uploadFileAction() function, which handles file uploads. The vulnerability allows an attacker with low privileges (PR:L) to upload arbitrary files, specifically crafted SVG files, that can be used to execute arbitrary code on the server. SVG files are XML-based vector images that can contain embedded scripts or malicious payloads if not properly sanitized. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code), indicating that the system fails to properly validate or restrict the content of uploaded files, enabling code injection or execution. The CVSS 3.1 base score is 5.4, reflecting a medium severity with the vector AV:P (physical access), AC:L (low complexity), PR:L (low privileges), UI:N (no user interaction), and impacts on confidentiality (low), integrity (high), and availability (low). The attack does not require user interaction, increasing its risk profile. No patches or fixes have been published yet, and no known exploits have been observed in the wild. This vulnerability could be exploited to gain unauthorized code execution, potentially leading to further compromise of the affected system and its data.

The vulnerability allows attackers to execute arbitrary code by uploading malicious SVG files, potentially leading to unauthorized access, data manipulation, or disruption of services. Confidentiality impact is low, as the attacker must already have some level of access, but integrity impact is high because arbitrary code execution can alter system files or data. Availability impact is low but possible if the attacker disrupts services or causes system instability. Organizations using WonderCMS 3.4.3 risk server compromise, data breaches, or defacement of websites. The medium CVSS score indicates a moderate threat level, but the lack of required user interaction and low privilege needed to exploit increases the likelihood of exploitation. The absence of known exploits in the wild suggests the threat is emerging but should be addressed proactively to prevent future attacks.

1. Immediately restrict file upload permissions to trusted users only and disable file uploads where not necessary. 2. Implement strict server-side validation and sanitization of uploaded files, especially SVGs, to disallow embedded scripts or malicious content. 3. Employ allowlisting of file types and reject all files that do not conform to safe formats. 4. Use web application firewalls (WAFs) to detect and block suspicious file upload attempts. 5. Monitor server logs and file upload directories for unusual activity or unexpected file types. 6. Isolate the CMS environment using containerization or sandboxing to limit the impact of potential code execution. 7. Stay alert for official patches or updates from WonderCMS and apply them promptly once available. 8. Educate administrators and developers about secure file handling practices and the risks of arbitrary file uploads.