CVE-2023-23328

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated users to upload malicious PHP files to AvantFAX servers by bypassing file type validation. Attackers can execute arbitrary code on the server, potentially compromising the entire system. Only AvantFAX 3.3.7 installations with authenticated user access are affected.

💻 Affected Systems

Products:
  • AvantFAX
Versions: 3.3.7
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access; default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise leading to data theft, ransomware deployment, or use as a pivot point into internal networks.

🟠 Likely Case

Webshell installation allowing persistent access, data exfiltration, and further lateral movement within the network.

🟢 If Mitigated

Impact is limited to the authenticated user's privileges if proper file upload restrictions and web application firewalls are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access but is trivial to execute once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Restrict PHP file uploads via web server

Platform: linux

Configure web server to block PHP file execution in upload directories

For Apache: Add 'php_flag engine off' to .htaccess in upload directory
For Nginx: Add 'location ~ \.php$ { deny all; }' to upload directory config

Implement file extension whitelisting

Platform: all

Modify FileUpload.php to only allow specific safe file extensions

Edit FileUpload.php to replace the current validation with an allowlist check, where $ext is the lowercased extension of the uploaded file's name: $allowed = ['pdf', 'jpg', 'png', 'txt']; if (!in_array($ext, $allowed, true)) { die('Invalid file type'); }

🧯 If You Can't Patch

  • Disable file upload functionality completely in AvantFAX configuration
  • Implement strict network segmentation to isolate AvantFAX server from critical systems

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a PHP file with .php extension while authenticated; if successful, system is vulnerable.

Check Version:

Check AvantFAX version in web interface or configuration files

Verify Fix Applied:

Attempt same upload test; file should be rejected or saved without execution capability.

📡 Detection & Monitoring

Log Indicators:

  • PHP file uploads in web server logs
  • Unusual POST requests to FileUpload.php
  • Webshell access patterns in logs

Network Indicators:

  • Unexpected outbound connections from AvantFAX server
  • POST requests with PHP file content

SIEM Query:

source="web.log" AND (uri="/FileUpload.php" OR file_extension=".php") AND user_agent NOT IN ["normal_user_agents"]
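
The log indicators above can also be checked directly against an access log. The following is an added example, not part of the original advisory or of AvantFAX: it flags requests for script files under the upload directory and notes whether the same client POSTed to FileUpload.php beforehand. The combined log format, the /uploads/ path and the extension list beyond .php are assumptions; the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumptions (not from the advisory): Apache/Nginx "combined" log format and
# an upload directory served under /uploads/ -- adjust both to the deployment.
UPLOAD_PREFIX = "/uploads/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(/|$)", re.I)
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines for illustration only.
SAMPLE_LOG = """\
192.0.2.10 - alice [12/Mar/2023:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - bob [12/Mar/2023:10:05:17 +0000] "POST /FileUpload.php HTTP/1.1" 200 312 "-" "curl/7.88.1"
192.0.2.44 - - [12/Mar/2023:10:05:21 +0000] "GET /uploads/report.php?x=1 HTTP/1.1" 200 48 "-" "curl/7.88.1"
192.0.2.10 - alice [12/Mar/2023:10:07:40 +0000] "POST /FileUpload.php HTTP/1.1" 200 298 "-" "Mozilla/5.0"
192.0.2.10 - alice [12/Mar/2023:10:07:45 +0000] "GET /uploads/fax_0042.pdf HTTP/1.1" 200 90211 "-" "Mozilla/5.0"
"""

def find_suspects(log_text):
    """Return alerts for script requests under the upload directory,
    noting whether the same client POSTed to FileUpload.php earlier."""
    uploaders = defaultdict(list)   # client IP -> timestamps of upload POSTs
    alerts = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["uri"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/FileUpload.php"):
            uploaders[m["ip"]].append(m["ts"])
        elif path.startswith(UPLOAD_PREFIX) and SCRIPT_EXT.search(path):
            alerts.append({
                "ip": m["ip"], "time": m["ts"], "path": path,
                "status": int(m["status"]),
                "uploaded_first": bool(uploaders[m["ip"]]),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_suspects(SAMPLE_LOG):
        print(alert)
```

A 200 status on a flagged path means the server still answered the request for a script in the upload directory; once the web server workaround is applied, the same request should be denied.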
