CVE-2023-29627

8.8 HIGH

📋 TL;DR

Online Pizza Ordering v1.0 contains an arbitrary file upload vulnerability that allows attackers to upload malicious files to the server. This can lead to remote code execution, potentially compromising the entire server. Anyone running this specific version of the software is affected.

💻 Affected Systems

Products:
  • Online Pizza Ordering
Versions: 1.0
Operating Systems: Any OS running the web application
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the default installation with no additional security controls.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server takeover with attacker gaining full control, data theft, ransomware deployment, and lateral movement to other systems.

🟠 Likely Case: Webshell deployment leading to data exfiltration, defacement, or use as a foothold for further attacks.

🟢 If Mitigated: File uploads blocked or properly validated, preventing malicious file execution.

🌐 Internet-Facing: HIGH - Directly accessible web application with critical vulnerability.
🏢 Internal Only: MEDIUM - Still significant risk if internal users can exploit.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple file upload bypass techniques can be used. Public exploit code exists in GitHub repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch exists. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Implement File Upload Validation

all

Add server-side validation to restrict file uploads to specific extensions and verify file content.

# Add to upload handler: validate file extension, MIME type, and content
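
One way to implement the validation described above, as an added example that is not the application's own code. It shows the logic in Python; the image-only allowlist, the size limit and the names `validate_upload` and `UploadRejected` are assumptions.

```python
import os
import secrets

# Assumed policy: only images are needed; extension -> accepted magic bytes.
ALLOWED = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed upload size limit


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def validate_upload(client_name: str, data: bytes) -> str:
    """Validate an upload and return the name to store it under."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized file")
    # The client-supplied name is untrusted: drop any path component and
    # refuse NUL/control characters used to truncate or confuse the name.
    base = os.path.basename(client_name.replace("\\", "/"))
    if any(ord(ch) < 32 for ch in base):
        raise UploadRejected("control character in file name")
    # Trailing dots/spaces are stripped first ("shell.php." on Windows).
    stem, dot, ext = base.rstrip(". ").lower().rpartition(".")
    if not dot or not stem or ext not in ALLOWED:
        raise UploadRejected("extension not on the allowlist")
    # Content check: the bytes must match the type the extension claims.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Never reuse the client's name: a random name removes double
    # extensions ("x.php.jpg") and path tricks from the stored file.
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # Constructed sample uploads (not taken from any real request).
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = [("menu.png", png), ("shell.php", b"<?php ?>"),
               ("shell.php.jpg", b"<?php ?>"), ("a.PHP", png)]
    for name, body in samples:
        try:
            print(name, "->", validate_upload(name, body))
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```

Store the file under the returned name in a directory where the web server does not execute scripts.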

Web Application Firewall Rules

all

Configure WAF to block malicious file uploads and suspicious POST requests.

# WAF rule to block file uploads with dangerous extensions (php, asp, jsp, etc.)

🧯 If You Can't Patch

  • Disable file upload functionality entirely if not required.
  • Implement strict network segmentation to isolate the vulnerable system.

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a file with a dangerous extension (e.g., .php) to the upload endpoint. If it is accepted without validation, the system is vulnerable.

Check Version:

Check application version in admin panel or configuration files.

Verify Fix Applied:

Test the file upload with malicious extensions; they should be rejected with proper error messages.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with suspicious extensions
  • POST requests to upload endpoints with executable files
  • Webshell access logs

Network Indicators:

  • HTTP POST requests with file uploads to vulnerable endpoints
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" AND (uri="/upload" OR uri="*upload*") AND (file_extension="php" OR file_extension="asp" OR file_extension="jsp")
