External risk intelligence

AdPortal 3.0.39 Server-Side Template Injection leads to arbitrary code execution.

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2024-50658

AdPortal is typically deployed as a web-based portal for managing advertising workflows, making it a service that is commonly exposed as an internet-facing or externally reachable web application for users and clients.

Code Injection

Ipublishmedia Adportal

3.0.39

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A critical vulnerability exists in AdPortal software, specifically in version 3.0.39. This flaw, known as Server-Side Template Injection, allows unauthenticated remote attackers to execute arbitrary code by manipulating certain user information parameters. The primary concern is to confirm if this software and version are in use within the organization, as its exposure to external networks increases the potential risk.

  • Allows code execution via web requests.
  • Critical flaw in widely exposed software.
  • Confirm relevance and identify affected systems.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending specially crafted requests to the AdPortal application over the network. The `updateuserinfo.html` file is susceptible to Server-Side Template Injection when processing the `shippingAsBilling` and `firstname` parameters. This allows an attacker to inject malicious code that the server then executes, potentially leading to arbitrary code execution.

  • No authentication required for access.
  • Malicious input in specific parameters.
  • Arbitrary code execution on server.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the server by injecting malicious content into the `shippingAsBilling` and `firstname` parameters when updating user information. This could potentially lead to a compromise of the AdPortal application.

  • Server-side code execution.
  • Via crafted user input.
  • Complete application compromise.

Operational Fix

Recommended remediation, mitigation, and detection steps

The technical teams responsible for addressing this Server-Side Template Injection vulnerability in AdPortal will depend on your organization's specific deployment and operational model. Typically, the application owner or a dedicated platform team would lead remediation efforts, coordinating closely with the infrastructure and network/security teams to assess exposure and implement fixes. The first critical step is to precisely locate all instances of AdPortal, determine their reachability and business criticality, and identify the accountable owner before planning any remediation actions based on the identified risk.

  • Application or platform teams own remediation.
  • Verify AdPortal instances and business criticality.
  • Plan remediation based on risk and impact.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is AdPortal software used for?

AdPortal is a specialized web-based application developed by ipublishmedia. It is primarily used by organizations to manage advertising workflows, serving as a portal where users and clients can submit, track, and process ad-related information through a centralized interface.

What does Server-Side Template Injection mean for CVE-2024-50658?

This vulnerability, classified as CWE-94, occurs when an application improperly processes user input within its server-side templates. In this case, the AdPortal application mistakenly treats attacker-supplied data as executable instructions. This allows a remote attacker to bypass intended logic and run their own commands directly on the host server.

How can an attacker trigger this vulnerability?

An attacker triggers this flaw by sending specially crafted web requests that target the updateuserinfo.html file. By injecting malicious content into the 'shippingAsBilling' or 'firstname' parameters, they force the application to execute that code. Simply visiting the portal or navigating the site normally does not trigger the bug; it requires specifically manipulated input directed at those parameters.

Why is this CVE considered relevant to my organization?

According to Halo Surface Signal, AdPortal is typically deployed as an internet-facing service to facilitate advertising management for various clients. Because it is often accessible from external networks, systems running version 3.0.39 are likely reachable by unauthorized remote users, significantly increasing the potential risk of a successful compromise.

What is the first step to address CVE-2024-50658?

The immediate priority is to conduct an internal inventory to locate every instance of AdPortal 3.0.39 within your environment. Once identified, work with the relevant application owners to determine the business criticality of these systems and confirm their network reachability. This foundational assessment is essential before your team can plan and prioritize the necessary remediation steps.