CVE-2023-27812

9.1 CRITICAL

📋 TL;DR

CVE-2023-27812 is an arbitrary file deletion vulnerability in bloofox v0.5.2: the delete_file() function lets an attacker-controlled path reach the deletion call without confining it to an allowed directory, so an unauthenticated remote attacker can delete any file the web server process is permitted to remove. Every bloofox v0.5.2 installation is affected. The realistic outcome is destruction of application files, configuration and uploaded content, taking the site down; a wider outcome is possible only where the PHP process has write access beyond the web root.

💻 Affected Systems

Products:
  • bloofox
Versions: v0.5.2
Operating Systems: Any OS running PHP (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of bloofox v0.5.2 are vulnerable. No special configuration required for exploitation.

📦 What is this software?

bloofox is a lightweight open-source content management system written in PHP with a MySQL back end.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Deletion of every file the PHP process can remove. If bloofox runs as a privileged user, or the web user has write access to directories outside the web root, that reaches web server configuration and other system files and produces outages and data loss. Note that deleting a file requires write permission on its parent directory, not on the file itself, so a root-owned file in a directory the web user can write to is still deletable. Removing access-control or configuration files can also leave what remains of the application in an insecure state.

🟠

Likely Case

Deletion of bloofox's own PHP files, configuration and uploaded content, taking the site offline or destroying data; an attacker may also remove selected files to deface the site or break its access controls.

🟢

If Mitigated

Limited to the directories the web user can write to, provided PHP runs as an unprivileged user and the application code is owned by a different account and read-only for the web user. Even then, uploaded content and any writable configuration remain at risk until the function is fixed or the software is removed.

🌐 Internet-Facing: HIGH - Web applications are directly accessible and vulnerable to unauthenticated exploitation.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but external exposure increases overall risk significantly.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The flaw sits in a single core function and needs no special skill to trigger: an HTTP request carrying a crafted path is sufficient. A public GitHub issue demonstrates it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - bloofox appears to be abandoned software

Vendor Advisory: None available

Restart Required: N/A (no patch exists)

Instructions:

No official patch available. Consider migrating to alternative software or implementing workarounds.

🔧 Temporary Workarounds

Disable or secure delete_file() function

Applies to: all

Edit the bloofox source so that delete_file() can only delete files inside an explicitly allowlisted directory: accept a bare file name only, resolve it with realpath(), verify the result still starts with the allowlisted directory, and refuse NUL bytes, path separators and anything that is not a regular file. Make sure the code path that reaches delete_file() requires an authenticated administrator session and a CSRF token; path validation alone does not stop an attacker from deleting legitimate uploads.

# 1. Locate the function:  grep -rn "function delete_file" /path/to/bloofox/
# 2. Resolve the requested path with realpath() and reject any result outside an allowlisted directory
# 3. Require an authenticated admin session and a CSRF token before unlink() is ever called
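The following is an added example, not bloofox's own code and not a patch for it: it puts the unsafe pattern behind an arbitrary file deletion bug next to a hardened replacement that applies the three steps above. The function names, the "uploads" directory and the demo layout are assumptions for illustration; the session and CSRF check is deliberately left to the caller. It needs PHP 8.0 or later for str_contains() and str_starts_with().

```php
<?php
// Added example, not bloofox's own code: the unsafe pattern behind an arbitrary
// file deletion bug next to a hardened replacement. Function names, the
// "uploads" directory and the demo layout are assumptions for illustration.
declare(strict_types=1);

// Unsafe: whatever the request supplies is handed straight to unlink(), so
// "../config.php" or an absolute path deletes anything the web user may remove.
function delete_file_unsafe(string $requested): bool
{
    return @unlink($requested);
}

// Hardened: accept only a bare file name, resolve it under an allowlisted
// directory, and verify the resolved path is a regular file still inside it.
// Callers must additionally require an authenticated admin session and a CSRF
// token before invoking this; that check is intentionally outside this function.
function delete_file_safe(string $requested, string $baseDir): bool
{
    // Refuse empty names, NUL bytes and any path separator: only basenames are legal.
    if ($requested === '' || str_contains($requested, "\0") || preg_match('#[\\\\/]#', $requested) === 1) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return false;
    }
    // realpath() collapses "." and ".." and follows symlinks, so a link planted in
    // the directory that points outside it also fails the prefix check below.
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($real === false || !is_file($real)) {
        return false;
    }
    if (!str_starts_with($real, $base . DIRECTORY_SEPARATOR)) {
        return false; // resolved outside the allowlisted directory
    }
    return unlink($real);
}

// Demonstration on a constructed layout under the temp directory.
$root    = sys_get_temp_dir() . '/bloofox-demo-' . bin2hex(random_bytes(4));
$uploads = $root . '/uploads';
mkdir($uploads, 0700, true);
file_put_contents($uploads . '/report.pdf', 'sample upload');
file_put_contents($root . '/config.php', '<?php // stands in for the application config');

$attempts = ['../config.php', '/etc/hosts', "report.pdf\0.txt", 'missing.pdf', 'report.pdf'];
foreach ($attempts as $name) {
    $result = delete_file_safe($name, $uploads) ? 'deleted' : 'rejected';
    printf("%-22s %s\n", addcslashes($name, "\0"), $result);
}
// Only uploads/report.pdf is gone; the file outside the allowlisted directory survives.
printf("config.php still exists: %s\n", file_exists($root . '/config.php') ? 'yes' : 'no');
```

Run it with `php` on the command line: the four hostile or missing names are rejected and only the legitimate upload is removed. The order of checks matters: the separator check runs before any filesystem call, so a NUL byte never reaches realpath() (which would throw a ValueError on PHP 8), and the prefix comparison includes the trailing directory separator so that a sibling directory whose name merely begins with the allowlisted one is not accepted.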

Implement strict file permissions

Applies to: all

Make the web server user unable to delete anything it does not need to. Application code should be owned by a different account and be read-only for the web user; only upload or cache directories get write access. Remember that deleting a file requires write permission on its parent directory, not on the file, so a read-only file inside a writable directory is still deletable. Never run PHP-FPM or the web server as root.

# Linux (paths assumed: application in /var/www/html, PHP running as www-data): code owned by root, readable but not writable by the web user
# chown -R root:www-data /var/www/html && find /var/www/html -type d -exec chmod 750 {} + && find /var/www/html -type f -exec chmod 640 {} +
# Only the directories the application must write to get group write, e.g.: chmod 770 /var/www/html/<writable-dir>
# Confirm the process user is not root: ps -o user= -C php-fpm
# Windows: grant the IIS application pool identity Modify only on upload folders and Read on everything else

🧯 If You Can't Patch

  • Remove bloofox from production and migrate to maintained alternative software
  • Put bloofox behind a WAF or reverse proxy that blocks directory traversal sequences in raw, URL-encoded and double-encoded form, and restrict who can reach the application at all (source IP allowlist or an authenticating proxy)

🔍 How to Verify

Check if Vulnerable:

Confirm the installed version: read it from the admin panel, or search the source tree and configuration files for the 0.5.2 version string. Any v0.5.2 installation is vulnerable unless you have patched delete_file() yourself.

Check Version:

grep -rn "0\.5\.2" /path/to/bloofox/   # a match in a version or configuration file identifies the vulnerable release

Verify Fix Applied:

Since no vendor fix exists, "fixed" means your own patched delete_file(). Read the function and confirm that it canonicalises the path (realpath()), rejects any result outside the allowlisted directory, and is reachable only after authentication. Then test with a browser or curl that requests carrying ../ sequences, URL-encoded sequences and absolute paths are refused while a legitimate deletion inside the allowed directory still works.

📡 Detection & Monitoring

Log Indicators:

  • Deletion requests in web server logs from unauthenticated sessions, unexpected source addresses or at unusual volume
  • Sudden 404 or 500 responses for application files and pages that were serving normally moments before (the application itself may break once its files are gone)
  • Requests to the script that invokes delete_file() whose file parameter carries ../ sequences, an absolute path, or a name outside the application's upload or content directories

Network Indicators:

  • HTTP requests containing directory traversal sequences in the file parameter, raw (../) or URL-encoded (%2e%2e%2f, ..%2f, and double-encoded %252e%252e%252f)
  • Requests to delete non-application files

SIEM Query:

(web.url="*delete_file*" OR web.url="*../*" OR web.url="*%2e%2e%2f*" OR web.url="*..%2f*") AND web.status IN (200, 404)

Parenthesise the OR terms: without the brackets, AND binds tighter and the status filter applies only to the traversal term. Filter on a URL-decoded field if your SIEM provides one; the encoded variants above are a fallback. Treat the status filter as loose, since a 200 response does not by itself confirm that a deletion succeeded.
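As an added example that is not part of this advisory, the script below applies the log indicators above to constructed Apache combined-format lines: it URL-decodes the request target repeatedly (bounded) so encoded and double-encoded traversal is caught, then flags traversal, absolute system paths and delete actions. The query parameter names (action, file) are assumptions and not bloofox's actual ones; adjust them to what your installation logs.

```php
<?php
// Added detection example, not from the advisory: flags web-server log lines that
// carry directory traversal (raw, URL-encoded or double-encoded), an absolute
// system path, or a reference to a delete action. The log lines are constructed,
// and the parameter names (action, file) are assumptions, not bloofox's real ones.
declare(strict_types=1);

const APACHE_COMBINED = '/^(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<target>\S+)(?: [^"]*)?" (?<status>\d{3}) /';

// Decode repeatedly (bounded) so "..%252f" and "..%2f" both become "../";
// backslashes are normalised so "..\" is caught as well.
function normaliseTarget(string $target): string
{
    for ($i = 0; $i < 3; $i++) {
        $decoded = rawurldecode($target);
        if ($decoded === $target) {
            break;
        }
        $target = $decoded;
    }
    return strtolower(str_replace('\\', '/', $target));
}

// Returns the reasons a line is suspicious, or an empty array for benign traffic.
function suspiciousReasons(string $line): array
{
    if (preg_match(APACHE_COMBINED, $line, $m) !== 1) {
        return ['unparsed'];
    }
    $t = normaliseTarget($m['target']);
    $reasons = [];
    if (str_contains($t, '../')) {
        $reasons[] = 'traversal';
    }
    if (preg_match('#=/(etc|proc|var|usr|windows)/#', $t) === 1) {
        $reasons[] = 'absolute-system-path';
    }
    if (str_contains($t, 'delete_file') || preg_match('/[?&]action=delete(?:&|$)/', $t) === 1) {
        $reasons[] = 'delete-action';
    }
    return $reasons;
}

// Constructed sample lines: three attack attempts and one benign request.
$lines = [
    '203.0.113.5 - - [10/Mar/2023:12:00:01 +0000] "GET /admin/index.php?action=delete&file=../../config.php HTTP/1.1" 200 512 "-" "curl/7.88"',
    '203.0.113.5 - - [10/Mar/2023:12:00:02 +0000] "GET /admin/index.php?action=delete&file=..%252f..%252fconfig.php HTTP/1.1" 200 512 "-" "curl/7.88"',
    '198.51.100.7 - - [10/Mar/2023:12:00:03 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2023:12:00:04 +0000] "POST /admin/index.php?action=delete&file=%2Fetc%2Fapache2%2Fapache2.conf HTTP/1.1" 200 88 "-" "python-requests/2.28"',
];

foreach ($lines as $line) {
    $reasons = suspiciousReasons($line);
    if ($reasons !== []) {
        preg_match(APACHE_COMBINED, $line, $m);
        printf("ALERT %s %s %s -> %s\n", $m['ip'], $m['method'], $m['target'], implode(',', $reasons));
    }
}
```

Running it prints three ALERT lines (the first two for traversal plus a delete action, the fourth for an absolute system path plus a delete action) and stays silent on the benign page view. The bounded decode loop is the point: a single urldecode() would leave the double-encoded second line looking harmless, which is also why the SIEM query above needs the encoded variants when no decoded field is available.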
