CVE-2024-54375 is a security vulnerability classified as an improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability, found in the Sabri Woolook product up to version 1.7.0. This vulnerability allows an attacker to perform PHP Local File Inclusion (LFI) by manipulating file path inputs to include arbitrary files from the server's filesystem. The root cause is insufficient validation or sanitization of user-supplied input that controls file paths, enabling traversal outside the intended directory scope. When exploited, attackers can read sensitive files such as configuration files, password stores, or application source code, potentially leading to information disclosure. In some cases, LFI can be leveraged to execute arbitrary code if combined with other vulnerabilities or if the attacker can upload malicious files. The vulnerability does not require authentication, increasing its risk profile. Although no public exploits are currently known, the nature of LFI vulnerabilities makes them attractive targets for attackers seeking to compromise web servers. Woolook is a PHP-based application, and the vulnerability affects all versions up to and including 1.7.0. The lack of a CVSS score indicates that the vulnerability is newly published and awaiting further analysis. The vulnerability was reserved on December 2, 2024, and published on December 16, 2024, by Patchstack. No patches or fixes are currently linked, so users must rely on mitigations until official updates are released.

The impact of CVE-2024-54375 on organizations worldwide can be significant. Successful exploitation can lead to unauthorized disclosure of sensitive information such as credentials, configuration files, and internal application data, undermining confidentiality. Furthermore, attackers may achieve remote code execution by including malicious files or chaining this vulnerability with other exploits, threatening system integrity and availability. This can result in full server compromise, data breaches, and disruption of services. Organizations relying on Woolook for web applications, especially those handling sensitive or regulated data, face increased risk of compliance violations and reputational damage. The ease of exploitation without authentication broadens the attack surface, allowing remote attackers to target vulnerable systems directly. The absence of known exploits currently provides a limited window for mitigation, but the vulnerability's characteristics suggest a high likelihood of future exploitation attempts. Overall, the threat poses a high risk to affected organizations, particularly those with internet-facing Woolook deployments.

To mitigate CVE-2024-54375 effectively, organizations should take the following specific actions: 1) Immediately audit all Woolook installations to identify affected versions (<= 1.7.0) and isolate vulnerable instances from public access where possible. 2) Implement strict input validation and sanitization on all user-supplied parameters that influence file paths, enforcing whitelist-based directory restrictions and rejecting traversal sequences such as '../'. 3) Employ web application firewalls (WAFs) with custom rules to detect and block path traversal attempts and suspicious file inclusion patterns. 4) Restrict file system permissions so that the web server process has minimal access rights, preventing access to sensitive files even if inclusion is attempted. 5) Monitor logs for unusual file access patterns or errors indicative of LFI attempts. 6) Engage with the vendor or community to obtain patches or updates as soon as they become available and apply them promptly. 7) Consider deploying runtime application self-protection (RASP) solutions to detect and block exploitation attempts in real time. 8) Educate developers and administrators about secure coding practices related to file inclusion and path handling to prevent similar vulnerabilities in the future.