CVE-2023-25402

7.5 HIGH

📋 TL;DR

CVE-2023-25402 is an unrestricted file upload vulnerability in CleverStupidDog yf-exam 1.8.0: the upload handler does not restrict the suffix of uploaded files, so an attacker who can reach the upload endpoint can store a file with an executable extension (for example .jsp) on the server. Every deployment of yf-exam 1.8.0 is affected. Depending on where the file is stored and how it is served, the outcome ranges from stored XSS or phishing content hosted on the application's origin to remote code execution and full server compromise.

💻 Affected Systems

Products:
  • CleverStupidDog yf-exam
Versions: 1.8.0
Operating Systems: All platforms running yf-exam
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of yf-exam 1.8.0 are vulnerable by default. No special configuration required.

📦 What is this software?

yf-exam is an open-source online examination system published by CleverStupidDog on GitHub, built as a Java/Spring Boot backend with a Vue front end. It is deployed as a web application, and its file upload endpoint is the component affected here.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete server takeover, data exfiltration and lateral movement within the network.

🟠 Likely Case

A webshell placed on the server, giving persistent backdoor access, manipulation of exam data and a foothold for further exploitation.

🟢 If Mitigated

Limited impact when uploads are validated server-side, stored where the servlet container cannot execute them, and fronted by a WAF, with the service account holding minimal file permissions.

🌐 Internet-Facing: HIGH - An exposed instance can be attacked directly; the upload request needs no authentication.
🏢 Internal Only: MEDIUM - An attacker needs network reach to the instance, but any user or foothold on that network can exploit it in the same way.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A single crafted multipart HTTP POST to the upload endpoint is enough; no authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: N/A (no fix identified)

Instructions:

No fixed release has been identified. Check the project's GitHub repository for a release later than 1.8.0 that changes the upload handler before relying on the workarounds below, and treat any build that still accepts arbitrary suffixes as affected.

🔧 Temporary Workarounds

Implement File Upload Validation

Applies to: all platforms

Add server-side validation in the upload handler so that only the file types the application actually needs are accepted

Check the extension against a short allowlist (images, PDF, office documents), never against a denylist of dangerous suffixes, which is always incomplete
Verify that the content matches the declared type (magic bytes), and store the file under a server-generated name outside the web root, or in a location the servlet container is configured not to execute

Web Application Firewall Rules

Applies to: all platforms

Block known-bad upload patterns at the WAF as a stop-gap, not as the primary control

Add a WAF rule that rejects multipart uploads whose filename ends in an executable extension (.jsp, .jspx, .php, .exe, .sh, etc.); this is a denylist and can be bypassed by case variation, double extensions or encodings the rule does not anticipate
Enable file content inspection where the WAF supports it
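The allowlist-plus-content check described above, as an added Python example (it is not yf-exam's code, which is Java; the allowlist, the size limit and the `vulnerable_target_path` anti-pattern are illustrative assumptions). It contrasts the trusting pattern the CVE describes with a handler that takes only the extension from the client name, checks the content's magic bytes, and stores the file under a random server-chosen name:

```python
import posixpath
import re
import secrets

# Assumed allowlist for illustration; tune it to the asset types the exam
# application really needs (images, PDFs, office documents).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "xlsx", "docx"}

# Leading bytes for each allowed type (OOXML documents are zip containers).
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
    "xlsx": (b"PK\x03\x04",),
    "docx": (b"PK\x03\x04",),
}

MAX_UPLOAD_BYTES = 10 * 1024 * 1024          # assumed size limit
SAFE_NAME = re.compile(r"^[0-9a-f]{32}\.(jpg|jpeg|png|gif|pdf|xlsx|docx)$")
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32   # constructed test input


class UploadRejected(ValueError):
    """Raised when an upload fails validation; the caller answers HTTP 400."""


def vulnerable_target_path(upload_dir: str, client_filename: str) -> str:
    """The anti-pattern behind CVE-2023-25402 (illustrative, not yf-exam's code):
    the client-supplied name is trusted, so 'shell.jsp' keeps its suffix and a
    name containing '../' escapes the upload directory."""
    return posixpath.join(upload_dir, client_filename)


def validate_upload(client_filename: str, data: bytes) -> str:
    """Hardened handling: return a server-generated storage name, or raise.

    The client name is used only to derive a candidate extension; it never
    reaches the filesystem, so path components, null bytes and double
    extensions cannot influence where or as what the file is stored.
    """
    if "\x00" in client_filename:
        raise UploadRejected("null byte in filename")
    if len(data) == 0 or len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("empty or oversized upload")

    # Drop any directory part ("../../x.png", "C:\\x.png") before reading the suffix.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in base:
        raise UploadRejected("no extension")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: .{ext}")

    # The declared type must match the bytes; 'shell.jsp.png' containing JSP
    # source fails here even though its last suffix is on the allowlist.
    if not any(data.startswith(sig) for sig in MAGIC[ext]):
        raise UploadRejected("content does not match extension")

    # Random, server-chosen name: nothing from the client survives into the path.
    return f"{secrets.token_hex(16)}.{ext}"


def is_rejected(client_filename: str, data: bytes) -> bool:
    """True when validate_upload refuses the file (convenience for demos/tests)."""
    try:
        validate_upload(client_filename, data)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", vulnerable_target_path("/srv/yf-exam/upload", "../shell.jsp"))
    print("hardened  :", validate_upload("../shell.PNG", SAMPLE_PNG))
    print("shell.jsp rejected:", is_rejected("shell.jsp", b"<% out.println(1); %>"))
```

Store the returned name in a directory that the web server serves as static content only (or outside the web root entirely), and keep a database mapping from the random name back to the original filename if users need to see it.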

🧯 If You Can't Patch

  • Disable the file upload functionality in yf-exam completely, or block the upload endpoint at the reverse proxy
  • Isolate the yf-exam instance in a restricted network segment reachable only by the users who need it, with no outbound internet access

🔍 How to Verify

Check if Vulnerable:

Using a harmless plain-text file renamed with a script extension (.jsp, .php, .exe), attempt an upload to the yf-exam upload endpoint on a system you are authorised to test. If the server accepts and stores the file with that suffix, the instance is vulnerable. Do not upload a real webshell to confirm the finding, and delete the probe file afterwards.

Check Version:

Check the yf-exam version in the application's about page, its build metadata or the release tag of the deployed code; every 1.8.0 deployment is affected.

Verify Fix Applied:

Repeat the upload with the same renamed file. A fixed or mitigated instance rejects it with a clear error, and nothing is written to the upload directory.
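A probe implementing the checks above, added here as example code rather than anything from the yf-exam project: the upload URL `DEFAULT_URL` and form field `DEFAULT_FIELD` are placeholders that must be replaced with the real endpoint of the instance under test, and the verdict heuristic in `classify` assumes the handler echoes the stored path in a 2xx response. The uploaded content is plain text, not a webshell, so it is just as usable for confirming that a fix rejects the file.

```python
import secrets
import urllib.error
import urllib.request

# Assumptions for illustration: the real upload URL and multipart field name
# of the deployed yf-exam instance must be taken from the application itself
# (for example from the browser's network panel during a legitimate upload).
DEFAULT_URL = "http://127.0.0.1:8101/upload/file"   # hypothetical endpoint
DEFAULT_FIELD = "file"                               # hypothetical field name

# Harmless content: plain text, not JSP code, so even a server that executes
# the file only echoes this string back.
PROBE_CONTENT = b"CVE-2023-25402 upload-validation probe; harmless text, not JSP\n"


def probe_filename() -> str:
    """Random name so the probe is easy to find (and remove) on the server."""
    return f"probe-{secrets.token_hex(6)}.jsp"


def build_multipart(field: str, filename: str, content: bytes, boundary: str = "") -> tuple:
    """Return (Content-Type header value, body) for a single-file multipart POST."""
    boundary = boundary or "----cve202325402probe" + secrets.token_hex(8)
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", head + content + tail


def classify(status: int, body: bytes, filename: str) -> str:
    """Heuristic verdict from the upload response.

    'vulnerable': 2xx and the response refers to a stored .jsp path
    'rejected'  : non-2xx, i.e. the handler refused the suffix
    'unknown'   : 2xx without a stored path in the body; inspect the upload
                  directory on the server to decide
    """
    if 200 <= status < 300:
        lowered = body.lower()
        if filename.lower().encode() in lowered or b".jsp" in lowered:
            return "vulnerable"
        return "unknown"
    return "rejected"


def probe(url: str = DEFAULT_URL, field: str = DEFAULT_FIELD, timeout: float = 10.0) -> str:
    """Send the probe and return the verdict. Run only against systems you are
    authorised to test, and delete the probe file afterwards if it was stored."""
    filename = probe_filename()
    content_type, body = build_multipart(field, filename, PROBE_CONTENT)
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": content_type})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status, data = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, data = err.code, err.read()
    verdict = classify(status, data, filename)
    print(f"{url}: HTTP {status} -> {verdict} (probe file {filename})")
    return verdict


if __name__ == "__main__":
    import sys
    probe(*sys.argv[1:2])
```

If the instance requires a session to reach the upload endpoint, add the cookie to the request headers; an "unknown" verdict means the server answered 2xx without revealing a path, and the upload directory has to be checked by hand.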

📡 Detection & Monitoring

Log Indicators:

  • Uploads whose original filename carries a script or executable extension (.jsp, .jspx, .php, .exe)
  • Bursts of upload requests from a single client
  • Repeated rejected uploads with dangerous extensions, which indicate someone probing the handler

Network Indicators:

  • HTTP POST requests to upload endpoints carrying unexpected file types, from scripting user agents or unfamiliar sources
  • Requests for script files under the upload storage path that return 200, which show an uploaded file being served and executed

SIEM Query:

source="web_server" AND method="POST" AND uri="*upload*" AND (file_extension="jsp" OR file_extension="jspx" OR file_extension="php" OR file_extension="exe")

The file_extension field is only present when the application or upload handler logs the original filename; a plain access log does not contain it. The access log does record the second stage, GET requests under the upload storage path for a .jsp or .php file that return 200, and those should be investigated as a likely webshell.
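The detector below is an added Python example (not part of this page or the yf-exam project) that applies the page's detection logic to combined-format access log lines: it notes POSTs to an upload endpoint and flags later requests for script files under the upload storage path, raising the severity when the same client uploaded shortly before. The sample log lines, the `/upload/` storage prefix and the ten-minute correlation window are constructed assumptions:

```python
import re
from datetime import datetime, timedelta

# Parser for the default "combined" access log format of nginx/Apache.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Server-side script and executable suffixes: the page's list plus the Java
# ones that matter for a Spring Boot deployment.
DANGEROUS_EXT = {"jsp", "jspx", "php", "phtml", "asp", "aspx", "exe", "sh", "war"}
UPLOAD_ENDPOINT_MARKER = "upload"     # same idea as the query's uri="*upload*"
UPLOAD_STORAGE_PREFIX = "/upload/"    # assumed path under which stored files are served

# Constructed sample lines for this example (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2023:10:15:01 +0000] "POST /upload/file HTTP/1.1" 200 87 "-" "python-requests/2.28"
203.0.113.10 - - [12/Mar/2023:10:15:09 +0000] "GET /upload/2023/03/12/cmd.jsp?cmd=id HTTP/1.1" 200 512 "-" "python-requests/2.28"
198.51.100.7 - - [12/Mar/2023:10:20:00 +0000] "GET /upload/2023/03/12/logo.png HTTP/1.1" 200 10240 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2023:11:00:00 +0000] "GET /static/js/app.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.44 - - [12/Mar/2023:12:00:00 +0000] "GET /upload/x.php HTTP/1.1" 404 0 "-" "curl/7.88"
"""


def parse_line(line: str):
    """Return the fields the detector needs, or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Strip query string and ;jsessionid-style path parameters before reading the suffix.
    path = m["target"].split("?", 1)[0].split(";", 1)[0]
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    return {
        "ip": m["ip"],
        "time": datetime.strptime(m["ts"], TS_FORMAT),
        "method": m["method"],
        "path": path,
        "ext": ext,
        "status": int(m["status"]),
    }


def detect(lines, window=timedelta(minutes=10)):
    """Flag requests for executable files under the upload path; severity is
    'high' when served (2xx) after an upload POST by the same client within
    the window, 'medium' when served without that correlation, 'low' when the
    file was not served (a scan or a failed attempt)."""
    last_upload_post = {}   # ip -> time of the most recent upload POST
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev["method"] == "POST" and UPLOAD_ENDPOINT_MARKER in ev["path"]:
            last_upload_post[ev["ip"]] = ev["time"]
            continue
        if ev["ext"] in DANGEROUS_EXT and ev["path"].startswith(UPLOAD_STORAGE_PREFIX):
            served = 200 <= ev["status"] < 300
            prior = last_upload_post.get(ev["ip"])
            correlated = prior is not None and timedelta(0) <= ev["time"] - prior <= window
            severity = "high" if served and correlated else "medium" if served else "low"
            alerts.append({
                "ip": ev["ip"], "path": ev["path"], "status": ev["status"],
                "severity": severity, "correlated_upload": correlated,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample log this yields one high-severity alert for 203.0.113.10 (upload POST followed eight seconds later by a served cmd.jsp) and one low-severity alert for the 404 on /upload/x.php; the PNG and JavaScript requests are ignored.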

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-25402
  • Project repository: https://github.com/CleverStupidDog/yf-exam