CVE-2023-29721

9.8 CRITICAL

📋 TL;DR

SofaWiki versions up to 3.8.9 contain an unrestricted file upload vulnerability that allows attackers to upload malicious files and execute arbitrary commands on the server. This affects all deployments running vulnerable versions of SofaWiki, particularly those exposed to the internet. The vulnerability stems from insufficient validation of uploaded files.

💻 Affected Systems

Products:
  • SofaWiki
Versions: <= 3.8.9
Operating Systems: All platforms running SofaWiki
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with file upload functionality enabled are vulnerable. No special configuration required.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with remote code execution, data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case: Webshell deployment leading to data exfiltration, defacement, or use as a pivot point for further attacks.

🟢 If Mitigated: Limited impact with proper file upload restrictions, web application firewalls, and network segmentation in place.

🌐 Internet-Facing: HIGH - Directly exploitable from the internet without authentication.
🏢 Internal Only: HIGH - Still exploitable by internal attackers or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web access to the upload functionality. Multiple public references demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: > 3.8.9

Vendor Advisory: https://github.com/bellenuit/sofawiki/issues/27

Restart Required: Yes

Instructions:

1. Upgrade SofaWiki to version 3.9.0 or later.
2. Restart the web server/service.
3. Verify the fix by testing file upload functionality.

🔧 Temporary Workarounds

Disable file uploads
  Applies to: all
  What: Temporarily disable file upload functionality in SofaWiki configuration
  How: Edit SofaWiki configuration to remove or restrict upload capabilities

Web Application Firewall rules
  Applies to: all
  What: Block malicious file uploads at the WAF layer
  How: Configure WAF to block uploads of executable files (PHP, JSP, ASP, etc.)

🧯 If You Can't Patch

  • Implement strict file upload validation (whitelist allowed extensions, validate file content)
  • Isolate SofaWiki instance in a segmented network with limited outbound access
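As an added illustration of the strict validation listed above (this is not SofaWiki's own code; the allowlist, the magic-byte table and the function name are assumptions), a Python upload validator that accepts only allowlisted extensions, rejects multi-extension names such as name.php.jpg, checks the file header against the claimed type, and assigns a random storage name so the client never controls the written path:

```python
import os
import re
import secrets

# Constructed allowlist: extension -> accepted leading magic bytes.
# Anything not listed here (php, phtml, jsp, asp, ...) is refused.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}
STEM_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def validate_upload(filename: str, data: bytes):
    """Return (True, storage_name) or (False, reason).

    storage_name is random, so the client never chooses the path that is
    written under the upload directory (keep that directory non-executable
    and outside the web root).
    """
    # Drop any directory component the client supplied (both separators).
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        return False, "null byte in filename"
    parts = base.split(".")
    # Exactly one extension: "shell.php.jpg" style names are rejected.
    if len(parts) != 2:
        return False, "filename must have exactly one extension"
    stem, ext = parts[0], parts[1].lower()
    if not STEM_RE.fullmatch(stem):
        return False, "filename contains disallowed characters"
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowed"
    if not data:
        return False, "empty upload"
    # The content must match the claimed type, not just the extension.
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, "file content does not match extension"
    return True, f"{secrets.token_hex(16)}.{ext}"
```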

🔍 How to Verify

Check if Vulnerable:

Check the SofaWiki version in the admin panel or configuration files. If the version is <= 3.8.9, the system is vulnerable.

Check Version:

Check SofaWiki admin interface or examine SofaWiki configuration files for version information

Verify Fix Applied:

After patching, attempt to upload a malicious file (in a controlled test); it should be rejected. Verify that the version is > 3.8.9.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads (especially executable files)
  • Webshell access patterns
  • Command execution attempts in web logs

Network Indicators:

  • Outbound connections from web server to suspicious IPs
  • Unusual traffic patterns from SofaWiki instance

SIEM Query:

source="sofawiki" AND ((event="file_upload" AND file_extension IN ("php", "jsp", "asp", "aspx")) OR event="command_execution")
