CVE-2020-23138 – This vulnerability allows attackers to upload m... (How to Fix)

Q: What is the severity of CVE-2020-23138?

CVE-2020-23138 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows attackers to upload malicious PHP files disguised as JPEG images to Microweber's admin panel. Attackers can execute arbitrary code on the web server, potentially compromising the entire system. All Microweber 1.1.18 installations with admin access are affected.

📋 TL;DR

This vulnerability allows attackers to upload malicious PHP files disguised as JPEG images to Microweber's admin panel. Attackers can execute arbitrary code on the web server, potentially compromising the entire system. All Microweber 1.1.18 installations with admin access are affected.

💻 Affected Systems

Products:

Microweber CMS

Versions: 1.1.18 and possibly earlier versions

Operating Systems: All platforms running Microweber

Default Config Vulnerable: ⚠️ Yes

Notes: Requires admin access to exploit, but admin panels are often exposed

📦 What is this software?

Microweber by Microweber

View all CVEs affecting Microweber →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise leading to data theft, ransomware deployment, or complete system takeover

🟠

Likely Case

Webshell installation allowing persistent access, data exfiltration, and lateral movement

🟢

If Mitigated

Limited impact with proper file upload restrictions and server hardening

🌐 Internet-Facing: HIGH - Admin panels are often internet-facing and this allows unauthenticated file upload

🏢 Internal Only: MEDIUM - Still significant risk if internal attackers gain admin access

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires admin credentials but is trivial to execute once authenticated

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.19 or later

Vendor Advisory: https://github.com/microweber/microweber/releases

Restart Required: No

Instructions:

1. Backup your Microweber installation. 2. Update to Microweber 1.1.19 or later via admin panel or manual download. 3. Verify the update completed successfully.

🔧 Temporary Workarounds

Restrict file upload extensions

all

Configure web server to block .php file uploads in upload directories

# For Apache: Add to .htaccess in upload directory
<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|jsp|asp|htm|html|shtml|sh|cgi)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>
# For Nginx: Add to server block
location ~* \.(php|php3|php4|php5|phtml|pl|py|jsp|asp)$ {
  deny all;
}

Implement file type verification

all

Add server-side validation to check actual file content type, not just extension

# Example PHP validation snippet
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $_FILES['file']['tmp_name']);
if (!in_array($mime, ['image/jpeg', 'image/png', 'image/gif'])) {
  die('Invalid file type');
}

🧯 If You Can't Patch

Disable file upload functionality in admin panel
Implement WAF rules to block .php file uploads and suspicious POST requests

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a .php file with image/jpeg content type via admin panel. If successful, system is vulnerable.

Check Version:

Check Microweber version in admin dashboard or via composer show microweber/microweber

Verify Fix Applied:

Attempt same upload test - should be rejected with proper error message

📡 Detection & Monitoring

Log Indicators:

Multiple failed upload attempts with .php extensions
Successful upload of .php files to upload directories
Unusual admin login activity

Network Indicators:

POST requests to upload endpoints with .php files
Traffic to unexpected .php files in upload directories

SIEM Query:

source="web_server" AND (uri="*upload*" AND file_extension="php") OR (user_agent="*admin*" AND status=200 AND uri="*.php")

📊 Metadata

CVE ID: CVE-2020-23138

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: November 9, 2020

Last Updated: November 21, 2024

🔗 References

https://gist.github.com/virendratiwari03/0918aaba97eba31666630996ab3aeec3 Third Party Advisory
https://gist.github.com/virendratiwari03/800f96271f22c0c2f5aea126c7f1f170 Third Party Advisory
https://gist.github.com/virendratiwari03/0918aaba97eba31666630996ab3aeec3 Third Party Advisory
https://gist.github.com/virendratiwari03/800f96271f22c0c2f5aea126c7f1f170 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-23138, you might also want to check these: