CVE-2020-23790

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to upload arbitrary files to servers running the Golo Laravel theme v1.1.5. This can lead to remote code execution and complete system compromise. Any website using this vulnerable theme version is affected.

💻 Affected Systems

Products:
  • Golo City Guide Laravel Theme
Versions: v1.1.5
Operating Systems: Any OS running PHP/Laravel
Default Config Vulnerable: ⚠️ Yes
Notes: Requires PHP/Laravel environment with file upload functionality enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server takeover via web shell upload leading to data theft, ransomware deployment, or use as attack infrastructure.

🟠 Likely Case: Web shell installation allowing persistent backdoor access, data exfiltration, and lateral movement within the network.

🟢 If Mitigated: File upload attempts blocked or quarantined with no successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit script available on GitHub demonstrating file upload bypass.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.1.6 or later

Vendor Advisory: https://codecanyon.net/item/golo-city-guide-laravel-theme/25785389

Restart Required: No

Instructions:

1. Download latest version from CodeCanyon.
2. Backup current installation.
3. Replace theme files with patched version.
4. Verify file upload restrictions are properly implemented.

🔧 Temporary Workarounds

File Upload Restriction

Platform: all

Implement server-side file type validation and extension filtering

# .htaccess (mod_php only; this caps upload size, it does not filter file types):
php_value upload_max_filesize 2M
# Extension and MIME validation must be enforced in the PHP upload handler itself

Web Application Firewall

Platform: linux

Deploy WAF rules to block malicious file upload patterns

# ModSecurity rule (requires SecRequestBodyAccess On; rule id is a placeholder, use one from your own range):
SecRule FILES "@rx (?i)\.(php|phtml|phar)$" "id:100001,phase:2,deny,status:403,msg:'Server-executable file upload blocked'"

🧯 If You Can't Patch

  • Disable file upload functionality completely in theme settings
  • Implement strict file permission controls (chmod 644 for uploads directory)

🔍 How to Verify

Check if Vulnerable:

Check theme version in admin panel or composer.json. If version is 1.1.5, test file upload with malicious extensions.

Check Version:

grep -r "version.*1\.1\.5" /path/to/laravel/themes/ || php artisan --version

Verify Fix Applied:

Attempt to upload PHP file with .php extension - should be rejected. Verify theme version shows 1.1.6+.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to upload endpoints with PHP files
  • Files with .php extension in upload directories
  • Large number of 200 responses from upload endpoints

Network Indicators:

  • Unusual outbound connections from web server
  • POST requests with file uploads to unexpected paths

SIEM Query:

source="web_logs" AND (uri_path="*upload*" OR uri_path="*file*") AND (http_method="POST") AND (status=200) AND (file_extension="php" OR file_extension="phtml")
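The same detection logic as a stand-alone script, added here as an example (not part of the original advisory or the theme's code). It runs over constructed JSON-lines upload events whose field names are assumed to mirror the SIEM query above, also catches double extensions such as shell.php.jpg and mixed case, and flags the "large number of 200 responses" indicator per source IP.

```python
import json
import re
from collections import Counter

# Server-executable extensions, matched case-insensitively and also when followed
# by a second extension (shell.php.jpg), which a naive "endswith" check misses.
_EXEC_EXT_RE = re.compile(r"\.(php|phtml|phar)(?=\.|$)", re.IGNORECASE)

# Constructed sample events (not real logs); field names mirror the SIEM query.
SAMPLE_LOG = [
    '{"src_ip":"203.0.113.5","http_method":"POST","uri_path":"/upload","status":200,"filename":"shell.php"}',
    '{"src_ip":"203.0.113.5","http_method":"POST","uri_path":"/upload","status":200,"filename":"shell.php.jpg"}',
    '{"src_ip":"203.0.113.5","http_method":"POST","uri_path":"/upload","status":200,"filename":"cmd.PhTmL"}',
    '{"src_ip":"198.51.100.7","http_method":"POST","uri_path":"/upload","status":200,"filename":"photo.jpg"}',
    '{"src_ip":"198.51.100.7","http_method":"GET","uri_path":"/upload","status":200,"filename":""}',
    '{"src_ip":"198.51.100.9","http_method":"POST","uri_path":"/user/file","status":403,"filename":"x.php"}',
]


def _is_successful_upload_post(event):
    """POST to an upload/file endpoint that returned HTTP 200."""
    path = event.get("uri_path", "").lower()
    return (event.get("http_method") == "POST"
            and event.get("status") == 200
            and ("upload" in path or "file" in path))


def is_suspicious_upload(event):
    """Mirror of the SIEM query: successful upload POST carrying a
    server-executable filename (php/phtml/phar, any case, any position)."""
    if not _is_successful_upload_post(event):
        return False
    return bool(_EXEC_EXT_RE.search(event.get("filename", "")))


def scan(lines, burst_threshold=3):
    """Return (hits, bursty_sources): hits are events matching the query;
    bursty_sources are client IPs with >= burst_threshold successful upload POSTs."""
    hits, per_ip = [], Counter()
    for line in lines:
        event = json.loads(line)
        if _is_successful_upload_post(event):
            per_ip[event.get("src_ip", "?")] += 1
        if is_suspicious_upload(event):
            hits.append(event)
    bursty = sorted(ip for ip, n in per_ip.items() if n >= burst_threshold)
    return hits, bursty


if __name__ == "__main__":
    found, noisy = scan(SAMPLE_LOG)
    for ev in found:
        print("ALERT executable upload:", ev["src_ip"], ev["uri_path"], ev["filename"])
    print("High-volume upload sources:", noisy)
```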

🔗 References
