CVE-2023-27700
📋 TL;DR
MuYuCMS v2.2 contains an arbitrary file deletion vulnerability in the /accessory/picdel.html component that allows attackers to delete any file on the server. This affects all MuYuCMS v2.2 installations with the vulnerable component accessible. Attackers can potentially delete critical system files or application data.
💻 Affected Systems
- MuYuCMS
📦 What is this software?
Muyucms by Muyucms Project
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through deletion of critical operating system files, leading to system instability, data loss, or service disruption.
Likely Case
Application data deletion, website defacement, or denial of service by deleting key application files.
If Mitigated
Limited impact if proper file permissions and access controls restrict deletion to non-critical directories.
🎯 Exploit Status
Exploitation requires authentication to access the vulnerable endpoint. The vulnerability is path traversal allowing arbitrary file deletion.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v2.3 or later
Vendor Advisory: https://github.com/MuYuCMS/MuYuCMS/issues/8
Restart Required: No
Instructions:
1. Back up your current installation.
2. Download and install MuYuCMS v2.3 or later from the official repository.
3. Replace the vulnerable /accessory/picdel.html component.
4. Verify the fix by testing file deletion functionality.
🔧 Temporary Workarounds
Disable vulnerable endpoint
Linux: Remove or restrict access to the /accessory/picdel.html file, either by renaming it or by stripping its permissions
# Option A: rename the file so the web server no longer serves it
mv /path/to/MuYuCMS/accessory/picdel.html /path/to/MuYuCMS/accessory/picdel.html.disabled
# Option B: leave the file in place but remove all permissions (use one option or the other; after Option A the original path no longer exists)
chmod 000 /path/to/MuYuCMS/accessory/picdel.html
Implement input validation
All platforms: Add path traversal validation to the file deletion function
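The following is an added example of the validation this workaround calls for; it is not MuYuCMS code, and the upload directory path it uses is an assumed placeholder. The check resolves the user-supplied path against a fixed base directory and refuses anything that escapes it, which is the bug class behind CVE-2023-27700 (arbitrary file deletion through path traversal).

```python
import os
import posixpath

# Assumed upload location for the example; MuYuCMS's real directory layout is not
# stated in the advisory.
UPLOAD_DIR = "/var/www/muyucms/public/uploads"


def is_safe_upload_path(base_dir: str, user_path: str) -> bool:
    """Return True only if user_path resolves to a file strictly inside base_dir.

    Rejects empty paths, NUL bytes, absolute paths and any '..' component that
    would escape base_dir. Backslashes are treated as separators so that
    "..\\..\\" cannot bypass a forward-slash-only check.
    """
    if not user_path or "\x00" in user_path:
        return False
    normalized = user_path.replace("\\", "/")
    if posixpath.isabs(normalized):
        return False
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and resolves symlinks, so the final location is
    # compared rather than the text the client sent.
    target = os.path.realpath(os.path.join(base, normalized))
    try:
        # commonpath (not startswith) so "/uploads_evil" is not mistaken for "/uploads".
        if os.path.commonpath([base, target]) != base:
            return False
    except ValueError:  # paths on different drives (Windows)
        return False
    return target != base  # never allow deleting the base directory itself


def safe_delete(base_dir: str, user_path: str) -> str:
    """Delete the file only when is_safe_upload_path() approves; return the resolved path."""
    if not is_safe_upload_path(base_dir, user_path):
        raise PermissionError(f"refusing to delete outside the upload directory: {user_path!r}")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path.replace("\\", "/")))
    os.remove(target)
    return target


if __name__ == "__main__":
    for candidate in ("2023/pic.jpg", "../../config/database.php", "..\\..\\index.php", "/etc/hosts"):
        print(f"{candidate!r:35} allowed={is_safe_upload_path(UPLOAD_DIR, candidate)}")
```

The decision is made on the resolved path, not on the presence of a `../` substring, so encoded or mixed-separator variants are handled by the same comparison; the deletion itself is refused with an exception rather than silently skipped, which also gives the application a clear event to log.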
🧯 If You Can't Patch
- Implement strict file permissions to restrict deletion to specific directories only
- Deploy web application firewall (WAF) rules to block path traversal attempts
🔍 How to Verify
Check if Vulnerable:
Check if /accessory/picdel.html exists and accepts file path parameters without proper validation. Test with controlled file deletion attempts.
Check Version:
Check MuYuCMS version in configuration files or admin panel. Typically in /config/version.php or similar.
Verify Fix Applied:
Verify that arbitrary file deletion is no longer possible and only allowed files can be deleted. Check that path traversal attempts are blocked.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed file deletion attempts
- Access to /accessory/picdel.html with unusual file paths
- Path traversal patterns in request logs
Network Indicators:
- HTTP requests to /accessory/picdel.html with ../ patterns in parameters
- Unusual file deletion patterns from web interface
SIEM Query:
source="web_logs" AND uri="/accessory/picdel.html*" AND (param="*../*" OR param="*..\\*")
(Wildcard matching is assumed to be Splunk-style; an exact match on "../" would miss real requests. URL-decode the parameter values before matching, since traversal sequences are commonly sent encoded, e.g. %2e%2e%2f.)
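As an added example of the detection logic above (not part of the advisory), the script below scans combined-format web server log lines for requests to /accessory/picdel.html whose parameters contain a path traversal sequence, decoding URL-encoded and double-encoded values first. The log lines are constructed samples, and the `path` parameter name is an assumption; the advisory does not name the vulnerable parameter.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample log lines (combined log format); not real captures.
SAMPLE_LOGS = [
    '10.0.0.5 - - [12/Mar/2023:10:01:02 +0000] "GET /accessory/picdel.html?path=2023/pic.jpg HTTP/1.1" 200 51',
    '10.0.0.9 - - [12/Mar/2023:10:01:07 +0000] "GET /accessory/picdel.html?path=../../config/database.php HTTP/1.1" 200 51',
    '10.0.0.9 - - [12/Mar/2023:10:01:09 +0000] "GET /accessory/picdel.html?path=..%2F..%2Findex.php HTTP/1.1" 200 51',
    '10.0.0.9 - - [12/Mar/2023:10:01:11 +0000] "GET /accessory/picdel.html?path=%252e%252e%255c%252e%252e%255cindex.php HTTP/1.1" 200 51',
    '10.0.0.7 - - [12/Mar/2023:10:02:00 +0000] "GET /index.php?s=../../x HTTP/1.1" 200 120',
]

VULN_PATH = "/accessory/picdel.html"
# A ".." component bounded by either separator (or the string edges).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated percent-encoding (bounded) so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_attempts(lines):
    """Return one dict per parameter value that carries traversal into the vulnerable endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if fully_decode(parts.path) != VULN_PATH:
            continue
        # parse_qsl decodes one layer; fully_decode handles double-encoding.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(raw)
            if TRAVERSAL.search(value):
                hits.append({"ip": m.group("ip"), "timestamp": m.group("ts"),
                             "status": m.group("status"), "param": name, "value": value})
    return hits


def count_by_source(hits):
    """Aggregate hits per client IP, which supports the 'multiple attempts' indicator above."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOGS):
        print(f"{hit['timestamp']} {hit['ip']} {hit['param']}={hit['value']!r} status={hit['status']}")
    print(count_by_source(find_traversal_attempts(SAMPLE_LOGS)))
```

Matching is done on the decoded parameter value rather than on the raw request line, so the `%2F` and double-encoded variants are caught by the same rule, while the unrelated request to /index.php is ignored because the check is scoped to the vulnerable endpoint. Bounding the decode loop keeps a hostile, deeply nested encoding from becoming a parsing cost.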