CVE-2022-23375

8.8 HIGH

📋 TL;DR

WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability where attackers can upload malicious files through the image upload form. This allows authenticated users to execute arbitrary code on the server. All installations running the vulnerable version are affected.

💻 Affected Systems

Products:
  • WikiDocs
Versions: 0.1.18
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the image upload functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise allowing attackers to execute arbitrary commands, steal data, install backdoors, or pivot to other systems.

🟠 Likely Case

Attacker gains shell access to the server, potentially compromising sensitive data and using the server for further attacks.

🟢 If Mitigated

Limited impact with proper file upload restrictions and server hardening, though risk remains if authentication is bypassed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is straightforward once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.1.19 or later

Vendor Advisory: https://github.com/Zavy86/WikiDocs/issues/28

Restart Required: No

Instructions:

1. Back up your WikiDocs installation and database.
2. Download the latest version from GitHub.
3. Replace the vulnerable files with the patched version.
4. Verify the upload functionality is properly restricted.

🔧 Temporary Workarounds

Disable image upload functionality

all

Temporarily disable the image upload feature in index.php to prevent exploitation.

Edit index.php to remove or comment out image upload handling code

Implement file upload restrictions

all

Add server-side validation to restrict uploaded files to specific extensions and scan for malicious content.

Add file extension whitelisting and MIME type validation in upload handling code
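
The extension allowlist and MIME type validation described above could look like the following. This is an added example, not WikiDocs' own code or the vendor's patch: the function name `validate_image_upload()`, the `ALLOWED_IMAGES` list and the destination directory argument are assumptions, and it relies on PHP's fileinfo extension being enabled.

```php
<?php
// Added example: hypothetical hardened upload check, not WikiDocs' own code.
// Assumed names: validate_image_upload(), ALLOWED_IMAGES, $destDir.
const ALLOWED_IMAGES = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];

function validate_image_upload(array $file, string $destDir): string
{
    // Reject failed uploads and paths that did not arrive via HTTP POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }

    // Extension allowlist: anything not listed (php, phtml, sh, ...) is refused.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGES)) {
        throw new RuntimeException('extension not allowed');
    }

    // MIME type is read from the file content; $file['type'] is
    // client-supplied and must not be trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_IMAGES[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // The content must also parse as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Server-generated file name: discards the client-chosen name, any
    // path components and any double extension such as "x.php.png".
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    return $target;
}
```

A file that passes these checks can still carry script text inside valid image data, so the upload directory should also be configured so the web server never executes files from it.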

🧯 If You Can't Patch

  • Implement strict authentication controls and monitor for suspicious upload activity.
  • Deploy a web application firewall (WAF) with rules to block malicious file uploads.

🔍 How to Verify

Check if Vulnerable:

Check if running WikiDocs version 0.1.18 by examining version files or configuration.

Check Version:

Check the version in WikiDocs configuration files or admin panel.

Verify Fix Applied:

Verify version is 0.1.19 or later and test that malicious file uploads are properly blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to image upload endpoint
  • Files with suspicious extensions being uploaded
  • Multiple failed upload attempts

Network Indicators:

  • HTTP POST requests to upload endpoints with unusual file types
  • Traffic patterns indicating file upload exploitation

SIEM Query:

source="web_server" AND (url="*upload*" OR url="*index.php*") AND (file_extension="php" OR file_extension="exe" OR file_extension="sh")
