CVE-2023-0947

9.8 CRITICAL

📋 TL;DR

This CVE describes a path traversal vulnerability in FlatPress blogging software that allows attackers to read arbitrary files on the server. It affects all FlatPress installations prior to version 1.3. The vulnerability is particularly dangerous because it can be exploited without authentication.

💻 Affected Systems

Products:
  • FlatPress
Versions: All versions prior to 1.3
Operating Systems: All operating systems running FlatPress
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through reading sensitive files like configuration files, password hashes, or SSH keys, potentially leading to remote code execution.

🟠 Likely Case

Unauthorized access to sensitive files including configuration files, user data, and potentially source code disclosure.

🟢 If Mitigated

Limited impact if proper file permissions and web server configurations restrict access to sensitive directories.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is simple to exploit with publicly available proof-of-concept code. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3

Vendor Advisory: https://github.com/flatpressblog/flatpress/commit/9c4e5d6567e446c472f3adae3b2fe612f66871c7

Restart Required: No

Instructions:

1. Download FlatPress 1.3 or later from the official repository.
2. Back up your current installation.
3. Replace all files with the new version.
4. Verify the fix by checking the version in the admin panel.

🔧 Temporary Workarounds

Web Server Configuration Restriction

all

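Configure the web server to block directory traversal attempts. Note that %{REQUEST_URI} holds only the request path, so the rule below does not inspect the query string.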

# For Apache: Add to .htaccess
RewriteEngine On
RewriteCond %{REQUEST_URI} \.\. [NC]
RewriteRule .* - [F]

🧯 If You Can't Patch

  • Implement strict file permissions to limit access to sensitive directories
  • Deploy a web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check if your FlatPress version is below 1.3 by visiting the admin panel or checking the fp-content directory for version files.

Check Version:

Check fp-content/version.txt or visit /admin.php and look for version information

Verify Fix Applied:

After updating, verify that the admin panel shows version 1.3 or higher, and confirm that path traversal attempts return proper errors.

📡 Detection & Monitoring

Log Indicators:

  • Multiple requests containing '../' or '..\' patterns in URLs
  • Access attempts to sensitive file paths like /etc/passwd, config files

Network Indicators:

  • HTTP requests with encoded directory traversal sequences (%2e%2e%2f, ..%2f)

SIEM Query:

source="web_server_logs" AND (uri="*..*" OR uri="*%2e%2e*" OR uri="*../*")
