Login Sign Up

CVE-2023-26469

9.8 CRITICAL
Remote Code Execution Path Traversal

📋 TL;DR

CVE-2023-26469 is a critical path traversal vulnerability in Jorani 1.0.0 that allows attackers to access arbitrary files on the server and execute remote code. This affects all organizations using Jorani 1.0.0 for leave management. The vulnerability enables complete server compromise.

💻 Affected Systems

Products:
  • Jorani
Versions: 1.0.0
Operating Systems: All platforms running Jorani
Default Config Vulnerable: ⚠️ Yes
Notes: All Jorani 1.0.0 installations are vulnerable regardless of configuration.

📦 What is this software?

Jorani by Jorani

View all CVEs affecting Jorani →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full server compromise leading to data theft, ransomware deployment, lateral movement within the network, and persistent backdoor installation.

🟠

Likely Case

Unauthorized file access, sensitive data exfiltration, and remote code execution leading to server takeover.

🟢

If Mitigated

Limited impact with proper network segmentation, file system permissions, and web application firewalls blocking traversal attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1 or later

Vendor Advisory: https://jorani.org/security-features-in-lms.html

Restart Required: Yes

Instructions:

1. Backup your Jorani installation and database. 2. Download Jorani 1.0.1 or later from the official repository. 3. Replace all files with the patched version. 4. Restart your web server service.

🔧 Temporary Workarounds

Web Application Firewall Rule

all

Block path traversal patterns in HTTP requests

Add WAF rule to block requests containing '../', '..\', or similar traversal patterns

File System Permissions

linux

Restrict web server user permissions to prevent file access

chmod -R 750 /var/www/jorani/
chown -R www-data:www-data /var/www/jorani/

🧯 If You Can't Patch

  • Isolate the Jorani server in a restricted network segment with no internet access
  • Implement strict file system permissions and disable unnecessary PHP functions

🔍 How to Verify

Check if Vulnerable:

Check if running Jorani version 1.0.0 by examining the application version in the admin interface or checking the source code.

Check Version:

Check the Jorani admin dashboard or examine the application configuration files for version information.

Verify Fix Applied:

Verify the version has been updated to 1.0.1 or later in the admin interface and test that path traversal attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' patterns
  • Unusual file access attempts from web server process
  • PHP execution errors in web server logs

Network Indicators:

  • Multiple failed traversal attempts followed by successful file access
  • Unusual outbound connections from the Jorani server

SIEM Query:

source="web_server_logs" AND ("../" OR "..\\" OR "%2e%2e%2f") AND dest_port=80

📊 Metadata

CVE ID: CVE-2023-26469
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-22
Published: August 17, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-26469, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)