CVE-2023-28413

9.8 CRITICAL

📋 TL;DR

A directory traversal vulnerability in Snow Monkey Forms allows unauthenticated attackers to access files outside the intended directory. This affects all websites running Snow Monkey Forms v5.0.6 and earlier, potentially exposing sensitive data, modifying website content, or causing service disruption.

💻 Affected Systems

Products:
  • Snow Monkey Forms
Versions: v5.0.6 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations using the vulnerable plugin version.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete website compromise including data theft, defacement, and persistent backdoor installation leading to full system control.

🟠

Likely Case

Sensitive file disclosure (configuration files, database credentials) and website defacement.

🟢

If Mitigated

Limited impact with proper file permissions and web server hardening, though vulnerability still exists.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Directory traversal vulnerabilities are commonly exploited with simple HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.0.7

Vendor Advisory: https://snow-monkey.2inc.org/2023/04/28/snow-monkey-forms-v5-0-7/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find Snow Monkey Forms.
4. Click 'Update Now' to upgrade to v5.0.7 or later.

🔧 Temporary Workarounds

Disable Plugin

Platform: all

Temporarily disable Snow Monkey Forms plugin until patched.

wp plugin deactivate snow-monkey-forms

Web Server Restrictions

Platform: linux

Configure web server to block directory traversal patterns.

# Apache: add to .htaccess (%{REQUEST_URI} excludes the query string, so check both)
RewriteEngine On
RewriteCond %{REQUEST_URI} \.\. [NC,OR]
RewriteCond %{QUERY_STRING} (\.\.|%2e%2e) [NC]
RewriteRule .* - [F]

🧯 If You Can't Patch

  • Implement WAF rules to block directory traversal patterns
  • Restrict file permissions and implement least privilege access

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > Snow Monkey Forms version.

Check Version:

wp plugin get snow-monkey-forms --field=version

Verify Fix Applied:

Confirm version is v5.0.7 or later in WordPress plugins list.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' or '..\' patterns
  • Access to unexpected files outside plugin directory

Network Indicators:

  • HTTP requests with encoded directory traversal sequences

SIEM Query:

source="web_logs" AND (uri="*../*" OR uri="*..%2f*" OR uri="*..%5c*")
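The SIEM query above only matches literal and single-encoded sequences. The following is an added example (not from the advisory or the plugin vendor) of a small log scanner that percent-decodes each request URI repeatedly before matching, so double-encoded and backslash variants of the indicators listed above are caught as well; the log lines are constructed samples and the `/download?file=` path is a placeholder, not the plugin's actual endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined log format (not from any real server).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Apr/2023:10:01:02 +0000] "GET /download?file=../../wp-config.php HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [28/Apr/2023:10:01:03 +0000] "GET /download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0 "-" "curl/8.0"
203.0.113.7 - - [28/Apr/2023:10:01:04 +0000] "GET /download?file=%252e%252e%252fwp-config.php HTTP/1.1" 200 120 "-" "curl/8.0"
198.51.100.4 - - [28/Apr/2023:10:02:00 +0000] "GET /wp-content/uploads/2023/04/photo..jpg HTTP/1.1" 200 9921 "-" "Mozilla/5.0"
198.51.100.4 - - [28/Apr/2023:10:02:01 +0000] "GET /wp-admin/admin-ajax.php?action=ping HTTP/1.1" 200 17 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." as a whole segment: preceded by start, a slash or a parameter delimiter and
# followed by a slash or end of string, so a filename like "photo..jpg" does not match.
TRAVERSAL_RE = re.compile(r"(?:^|[/?=&;])\.\.(?:/|$)")


def normalize_uri(uri: str) -> str:
    """Percent-decode repeatedly (bounded, so double encoding such as %252e is
    resolved) and fold backslashes to slashes before matching."""
    prev, cur = None, uri
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def is_traversal(uri: str) -> bool:
    return TRAVERSAL_RE.search(normalize_uri(uri)) is not None


def scan_log(text: str) -> list[dict]:
    """Return one record per request whose URI contains a traversal sequence.
    A 2xx status on such a request is the strongest sign the access succeeded."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m["uri"]):
            hits.append({"ip": m["ip"], "uri": m["uri"], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```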

🔗 References
