CVE-2024-45894 is a vulnerability affecting BlueCMS version 1.6, specifically involving an arbitrary file deletion flaw. The issue arises from insufficient validation of the file_name parameter in the /admin/database.php script when the action parameter is set to 'del'. Authenticated users with high privileges can exploit this flaw to delete arbitrary files on the server, potentially removing critical system or application files. This vulnerability is categorized under CWE-552, which involves file deletion without proper authorization or validation. The attack vector is network-based (AV:N), requiring low attack complexity (AC:L), but it mandates that the attacker has high privileges (PR:H) and does not require user interaction (UI:N). The scope remains unchanged (S:U), and the impact affects integrity (I:H) but not confidentiality or availability. No public exploits or patches have been reported yet, indicating that the vulnerability is newly disclosed. The lack of patches means organizations must rely on compensating controls until an official fix is released. The vulnerability could be leveraged to disrupt CMS operations, remove important database files, or cause data loss, impacting the reliability and integrity of affected systems.

The primary impact of CVE-2024-45894 is on the integrity of affected systems, as attackers with administrative privileges can delete arbitrary files, potentially including critical configuration or database files. This can lead to partial or complete disruption of the CMS functionality, data loss, and increased downtime. Although confidentiality and availability are not directly impacted, the deletion of key files could indirectly cause service interruptions. Organizations relying on BlueCMS 1.6 for content management may face operational disruptions, loss of data integrity, and increased recovery costs. The requirement for high privilege limits the attack surface to insiders or compromised administrator accounts, but the risk remains significant in environments with weak access controls or insider threats. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as proof-of-concept exploits may emerge. Overall, the vulnerability could be exploited to sabotage CMS operations or cover tracks by deleting logs or audit trails.

To mitigate CVE-2024-45894, organizations should immediately restrict administrative access to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA). Implement strict access control policies and regularly audit admin accounts for suspicious activity. Until an official patch is released, consider deploying web application firewalls (WAFs) with custom rules to detect and block suspicious requests targeting /admin/database.php with the 'act=del' parameter. Monitor server logs for unusual file deletion activities, especially those initiated via the file_name parameter. Backup critical CMS files and databases frequently to enable rapid recovery in case of file deletion. Review and harden the CMS configuration to minimize unnecessary privileges and disable or restrict the vulnerable functionality if feasible. Engage with the BlueCMS vendor or community to track patch releases and apply updates promptly once available. Additionally, conduct penetration testing and vulnerability assessments to identify any exploitation attempts.