CVE-2023-0454

8.1 HIGH

📋 TL;DR

OrangeScrum 2.0.11 contains a path traversal flaw in its file deletion handling: a user-supplied file name or path is used to build the path handed to the delete operation without being confined to the intended directory, so traversal sequences such as ../ reach other locations on disk. Any authenticated user can thereby delete any file the web server process has permission to remove. Organizations running OrangeScrum 2.0.11 are affected.

💻 Affected Systems

Products:
  • OrangeScrum
Versions: 2.0.11
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to exploit.

📦 What is this software?

OrangeScrum is an open-source, self-hosted project management and team collaboration web application written in PHP; its community edition is published on GitHub at the vendor link below.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Deletion of any file the web server account is allowed to remove: application code, configuration, uploaded attachments, caches and logs. Removing files the application depends on takes the service down, and data held only on that host is lost. The damage is bounded by the web server user's filesystem permissions rather than by the application itself. An arbitrary file delete can also become a stepping stone where removing a particular file changes application behavior (for example re-enabling an installer); whether OrangeScrum exposes such a file is not established here.

🟠 Likely Case

Unauthorized deletion of application files, configuration files, or user data by an authenticated user, causing service disruption and data loss.

🟢 If Mitigated

Limited impact if the web server user cannot write to the directories holding code and configuration, which restricts what can be deleted to uploads and other web-writable data; with path confinement in the delete code the flaw is closed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid account but nothing beyond it: the 8.1 CVSS score corresponds to a low-privileged authenticated attacker (PR:L) with no user interaction, and a public proof of concept exists, so once logged in the attack is a crafted request to the file deletion function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.12 or later

Vendor Advisory: https://github.com/Orangescrum/orangescrum/

Restart Required: Yes

Instructions:

1. Back up your OrangeScrum installation and database.
2. Download and install OrangeScrum version 2.0.12 or later from the official repository.
3. Follow the upgrade instructions in the OrangeScrum documentation.
4. Restart the web server and application services.

🔧 Temporary Workarounds

Input Validation Filter

all

Confine every user-supplied file name or path to the directory it is meant to live in before it reaches unlink(): canonicalize the joined path with realpath() and reject it unless the result starts with the allowed base directory. Do not rely on stripping '../' and '..\' from the string, since percent-encoded (%2e%2e%2f), double-encoded and mixed-separator forms, or sequences such as '....//', survive a single-pass filter.

Apply the check in the affected PHP file deletion code: resolve the target path, verify it lies inside the expected directory, and treat any other value, including '../', '..\' and their encoded equivalents, as an error rather than attempting to clean it.
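As an added illustration (not code from OrangeScrum or from this page), the PHP below shows the vulnerable shape the advisory describes next to a realpath()-based confinement check. The function names, the directory layout and the sample files are assumptions made for the example; only the standard PHP functions are real.

```php
<?php
// Added example, not OrangeScrum's own code: a delete helper shown first in the
// vulnerable shape this CVE describes, then confined to an allowed directory.
// Function names, the upload directory and the sample files are hypothetical.

// Vulnerable shape: the request value is joined to the upload directory and
// handed to unlink(), so "../config/database.php" walks out of that directory.
function deleteAttachmentVulnerable(string $uploadDir, string $userFile): bool
{
    $path = $uploadDir . '/' . $userFile;
    return is_file($path) && unlink($path);
}

// Resolve the user-supplied name against the base directory and accept it only
// if the canonical result still lies inside that directory. realpath()
// collapses "..", duplicate separators and symlinks, so the decision is made on
// the real target rather than on whether a pattern like "../" was spotted.
function resolveInsideBase(string $baseDir, string $userFile): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($userFile, "\0") !== false) {
        return null;
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userFile);
    if ($candidate === false) {
        return null;                 // nothing at that path, nothing to delete
    }
    // The trailing separator matters: without it "uploads_old" would pass as
    // being inside "uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;                 // resolved outside the allowed directory
    }
    return $candidate;
}

function deleteAttachmentSafe(string $uploadDir, string $userFile): bool
{
    $target = resolveInsideBase($uploadDir, $userFile);
    return $target !== null && is_file($target) && unlink($target);
}

// Self-contained demonstration on a throwaway directory tree (constructed).
$root = sys_get_temp_dir() . '/traversal-demo-' . bin2hex(random_bytes(4));
mkdir("$root/uploads", 0700, true);
mkdir("$root/config", 0700, true);
file_put_contents("$root/uploads/report.pdf", 'attachment');
file_put_contents("$root/config/database.php", '<?php // credentials');

$attacks = ['../config/database.php', '..\\config\\database.php', '/etc/hostname', '.', ''];
foreach ($attacks as $attack) {
    if (deleteAttachmentSafe("$root/uploads", $attack)) {
        throw new RuntimeException("hardened delete accepted traversal value: $attack");
    }
}
if (!is_file("$root/config/database.php")) {
    throw new RuntimeException('config file was removed by the hardened delete');
}
if (!deleteAttachmentSafe("$root/uploads", 'report.pdf') || is_file("$root/uploads/report.pdf")) {
    throw new RuntimeException('legitimate delete inside the upload directory failed');
}

// The vulnerable variant, given the same traversal value, removes the config file.
deleteAttachmentVulnerable("$root/uploads", '../config/database.php');
echo is_file("$root/config/database.php")
    ? "vulnerable variant was blocked (unexpected)\n"
    : "vulnerable variant deleted config/database.php, as the CVE describes\n";

// Clean up the throwaway tree.
foreach (["$root/config/database.php", "$root/uploads/report.pdf"] as $f) { @unlink($f); }
foreach (["$root/config", "$root/uploads", $root] as $d) { @rmdir($d); }
```

Run it with the PHP CLI; it throws if the hardened path accepts any of the traversal values. Because realpath() follows symlinks, a link planted inside the upload directory that points outside it resolves to its real target and is rejected rather than followed, and names that do not exist are rejected before any pattern matching could be bypassed.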

File Permission Restriction

linux

Deleting a file requires write permission on its parent directory, not on the file itself, so chmod 644 on a file alone does nothing to stop unlink() by the web server user. Make the directories that hold application code and configuration owned by a different account (typically root) and not writable by the web server user; on ext4/xfs, chattr +i additionally blocks deletion of individual files until the attribute is cleared. The upload directory must stay writable, so this limits rather than removes the exposure.

# deletion is governed by the parent directory's permissions, so lock the directory
chown root:root /path/to/critical/dir
chmod 755 /path/to/critical/dir
chattr +i /path/to/critical/files

🧯 If You Can't Patch

  • Deploy WAF rules that block path-traversal patterns in request paths and parameters, covering percent-encoded (%2e%2e%2f, ..%2f) and backslash variants, not only the literal '../'
  • Restrict network access to OrangeScrum to trusted IP addresses and keep user accounts to a minimum; since any authenticated account can exploit the flaw, these controls shrink the pool of attackers rather than close the hole

🔍 How to Verify

Check if Vulnerable:

Any OrangeScrum 2.0.11 installation is affected regardless of operating system or configuration; no optional feature needs to be enabled beyond ordinary user accounts (see Check Version below).

Check Version:

Check OrangeScrum version in admin dashboard or examine version.php file in installation directory.

Verify Fix Applied:

Confirm the instance reports version 2.0.12 or later after the upgrade. Then, on a staging copy, create a harmless canary file outside the upload directory, submit a deletion request whose file parameter traverses to it (for example with a ../ prefix), and confirm the request is rejected and the canary still exists; repeat with a percent-encoded form such as %2e%2e%2f.

📡 Detection & Monitoring

Log Indicators:

  • File deletion events in application logs whose target lies outside the attachment or upload directory, or that name application code or configuration files
  • Repeated deletion requests from one account or session carrying traversal sequences, including failed attempts, which typically precede a successful one
  • Deletions of configuration or code files performed by the web server user, which an auditd watch on those directories (auditctl -w <dir> -p wa) or an inotify monitor records

Network Indicators:

  • HTTP requests to file-deletion endpoints whose path or parameters contain '../', '..\', or percent-encoded forms such as %2e%2e%2f, %2e%2e/ and ..%2f (include double-encoded %252e%252e%252f in the check)

SIEM Query:

source="orange_scrum_logs" AND message="*delete*" AND (message="*../*" OR message="*..%2f*" OR message="*%2e%2e%2f*" OR message="*%2e%2e/*" OR message="*%252e%252e%252f*")
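The query above matches a handful of literal forms. As an added example (not from the page or the project), the PHP below normalizes request targets from web server access-log lines, decoding percent-encoding up to three times and folding backslashes into slashes, and flags any request whose path or query carries a '..' segment. The log lines, the /files/delete endpoint and the file parameter are constructed for the example and are not OrangeScrum's real route.

```php
<?php
// Added example, not part of the page or of OrangeScrum: flag access-log
// requests carrying directory-traversal sequences, including encoded forms the
// literal "../" search misses. Log lines, endpoint and parameter are constructed.

// Percent-decode up to three times so %2e%2e%2f and the double-encoded
// %252e%252e%252f both collapse to "../", then fold backslashes to slashes so
// "..\" is treated like "../".
function normalizeRequestTarget(string $target): string
{
    $prev = null;
    $cur = $target;
    for ($i = 0; $i < 3 && $cur !== $prev; $i++) {
        $prev = $cur;
        $cur = rawurldecode($cur);
    }
    return str_replace('\\', '/', $cur);
}

// A ".." followed by a separator, a query delimiter or end of string. The loose
// match also catches "....//" (used against filters that strip "../" once) at
// the cost of flagging rare legitimate names like "a../b".
function isTraversalRequest(string $target): bool
{
    return (bool) preg_match('#\.\.(/|[?&]|$)#', normalizeRequestTarget($target));
}

// Pull the request target out of a combined-format access-log line.
function requestTargetFromLogLine(string $line): ?string
{
    if (!preg_match('/"(?:GET|POST|PUT|DELETE|PATCH) ([^" ]+) HTTP\/[0-9.]+"/', $line, $m)) {
        return null;
    }
    return $m[1];
}

function findTraversalAttempts(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $target = requestTargetFromLogLine($line);
        if ($target !== null && isTraversalRequest($target)) {
            $hits[] = $line;
        }
    }
    return $hits;
}

// Constructed sample lines; the /files/delete endpoint and "file" parameter are
// placeholders, not OrangeScrum's real route.
$sample = [
    '10.0.0.5 - - [12/Mar/2023:10:01:02 +0000] "GET /projects/view/42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [12/Mar/2023:10:01:07 +0000] "GET /files/delete?file=../../config/database.php HTTP/1.1" 302 0 "-" "curl/7.88.1"',
    '10.0.0.9 - - [12/Mar/2023:10:01:09 +0000] "GET /files/delete?file=..%2f..%2fconfig%2fdatabase.php HTTP/1.1" 302 0 "-" "curl/7.88.1"',
    '10.0.0.9 - - [12/Mar/2023:10:01:11 +0000] "GET /files/delete?file=%252e%252e%252fapp.php HTTP/1.1" 302 0 "-" "curl/7.88.1"',
    '10.0.0.9 - - [12/Mar/2023:10:01:13 +0000] "GET /files/delete?file=..\..\config\database.php HTTP/1.1" 302 0 "-" "curl/7.88.1"',
    '10.0.0.9 - - [12/Mar/2023:10:01:15 +0000] "GET /files/delete?file=....//....//app.php HTTP/1.1" 302 0 "-" "curl/7.88.1"',
    '10.0.0.7 - - [12/Mar/2023:10:02:00 +0000] "GET /files/delete?file=report..pdf HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
];

$hits = findTraversalAttempts($sample);
printf("%d of %d requests carry a traversal sequence\n", count($hits), count($sample));
foreach ($hits as $hit) {
    echo "TRAVERSAL: $hit\n";
}
```

Replace $sample with file('/var/log/apache2/access.log', FILE_IGNORE_NEW_LINES) to run it over a real log. A hit from an authenticated session against a deletion endpoint is the event to correlate with the application-side deletion records listed under Log Indicators; the plain "report..pdf" line is included to show that a bare ".." inside a file name is not flagged.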
