CVE-2023-29887
📋 TL;DR
This vulnerability allows unauthenticated remote attackers to read arbitrary files on the server through a Local File Inclusion flaw in test.php, an example script shipped with the spreadsheet-reader PHP library. Any PHP application that installs the vulnerable version where that script is reachable over HTTP is affected, potentially exposing configuration files, credentials, or source code.
💻 Affected Systems
- spreadsheet-reader
📦 What is this software?
spreadsheet-reader (composer package nuovo/spreadsheet-reader) is a PHP library for reading spreadsheet files. Its repository ships a test.php example script that takes a file path from the request and hands it to the reader; that script, not the reader classes an application normally calls, carries this flaw.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read any file the PHP process can access, such as /etc/passwd, configuration files, or application source code, leading to credential theft and, with the stolen secrets, lateral movement or full compromise of the application and the systems it talks to.
Likely Case
Remote attackers reading sensitive files containing credentials, API keys, or configuration data that could be used for further attacks.
If Mitigated
Limited impact where the web server already denies requests for test.php, or where file permissions and open_basedir keep the PHP process out of sensitive directories.
🎯 Exploit Status
Trivial: a single crafted GET request to test.php with a path-traversal value in the File parameter. No authentication is needed wherever the script is reachable over HTTP.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.5.12 or later
Vendor Advisory: https://github.com/nuovo/spreadsheet-reader
Restart Required: No
Instructions:
1. Update spreadsheet-reader to version 0.5.12 or later via composer: composer require nuovo/spreadsheet-reader:^0.5.12
2. Remove test.php from every web-accessible copy of the package even after updating; it is a development script with no production purpose.
3. Verify the update by checking the installed version (see How to Verify) and confirming that test.php no longer answers over HTTP.
If composer reports that no release satisfies the constraint, treat removal of test.php as the permanent fix: the flaw lives in that example script, not in the reader classes the application actually calls.
🔧 Temporary Workarounds
Remove test.php file
Delete or move the vulnerable test.php file out of the web-accessible directory. Note that composer install or composer update will restore the package's files, so pair this with the web server rule below or keep vendor/ outside the document root.
rm /path/to/spreadsheet-reader/test.php
Restrict file access via .htaccess
Block access to test.php using web server configuration. The Order/Deny directives below are Apache 2.2 syntax (honoured by 2.4 only when mod_access_compat is loaded); on Apache 2.4, replace the two Order/Deny lines with Require all denied.
<Files "test.php">
Order Allow,Deny
Deny from all
</Files>
🧯 If You Can't Patch
- Keep vendor/ (and any other library directory) outside the web server's document root so that no library file, test.php included, can be requested over HTTP
- Configure the web server to deny access to test.php and similar debug/development files
- Restrict what the PHP process may read with open_basedir and filesystem permissions, so that a successful traversal is confined to the application's own directories
🔍 How to Verify
Check if Vulnerable:
Check whether test.php exists under the spreadsheet-reader directory (typically vendor/nuovo/spreadsheet-reader/) and request it over HTTP: a 200 response means the script is exposed, while 403 or 404 means it is already blocked or removed.
Check Version:
composer show nuovo/spreadsheet-reader | grep version
Verify Fix Applied:
Verify spreadsheet-reader version is 0.5.12+ and test.php is not accessible
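The two checks above, version and presence of the script on disk, can be combined in one script. The following is an added example written for this page, not code from the spreadsheet-reader project; it assumes a composer.lock in the standard format, the package path vendor/nuovo/spreadsheet-reader/, and the fixed version 0.5.12 named in this advisory. The demo() function builds a constructed project tree with a placeholder test.php rather than touching a real installation.

```python
import json
import re
import tempfile
from pathlib import Path

PACKAGE = "nuovo/spreadsheet-reader"
FIXED_VERSION = (0, 5, 12)  # fixed release named in this advisory (assumed, verify on Packagist)


def parse_version(version):
    """Turn '0.5.11' or 'v0.5.11' into a comparable tuple; None for tags like 'dev-master'."""
    nums = re.findall(r"\d+", version or "")
    return tuple(int(n) for n in nums) if nums else None


def installed_version(lock_text):
    """Locked version of the package from composer.lock text, or None if it is not a dependency."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg.get("version")
    return None


def version_is_vulnerable(version):
    """Below the fixed release, or unparseable (a branch alias), counts as vulnerable."""
    parsed = parse_version(version)
    return parsed is None or parsed < FIXED_VERSION


def find_test_php(project_root):
    """Every test.php on disk inside a spreadsheet-reader directory (vendor/ or a hand-copied fork)."""
    hits = []
    for path in Path(project_root).rglob("test.php"):
        if "spreadsheet-reader" in (part.lower() for part in path.parts):
            hits.append(path)
    return sorted(hits)


def assess(project_root, lock_text):
    """Combine the version check with the on-disk check; both are needed to call the host vulnerable."""
    version = installed_version(lock_text)
    scripts = find_test_php(project_root)
    old = version is not None and version_is_vulnerable(version)
    return {
        "version": version,
        "version_vulnerable": old,
        "test_php": [str(p) for p in scripts],
        # No script on disk means nothing for the web server to serve, whatever the version says;
        # a script with no lock entry means the package was copied in by hand, so assume the worst.
        "vulnerable": bool(scripts) and (old or version is None),
        # The advisory wants test.php gone regardless, so any hit is an action item.
        "remove_test_php": bool(scripts),
    }


def demo():
    """Assess a constructed project tree (placeholder files, not real data)."""
    lock = json.dumps({"packages": [{"name": PACKAGE, "version": "0.5.11"}], "packages-dev": []})
    with tempfile.TemporaryDirectory() as root:
        pkg_dir = Path(root, "vendor", "nuovo", "spreadsheet-reader")
        pkg_dir.mkdir(parents=True)
        (pkg_dir / "test.php").write_text("<?php // placeholder standing in for the shipped script\n")
        return assess(root, lock)


if __name__ == "__main__":
    print(demo())
```

Point assess() at a real project root and the text of its composer.lock; the on-disk check deliberately walks the whole tree rather than only vendor/, because a copy of the library dropped into the web root by hand has no lock entry at all. The filesystem check says nothing about HTTP reachability, so still request the script's URL as described above.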
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to test.php whose File parameter contains path traversal sequences (../), including URL-encoded (%2e%2e%2f) and double-encoded (%252e%252e%252f) forms, null bytes, or absolute paths such as /etc/passwd
Network Indicators:
- HTTP GET requests to */test.php?File=* with suspicious file paths
SIEM Query:
source="web_access_logs" AND uri="*test.php*" AND query="*File=*"
Run the match against the URL-decoded query string, or add the encoded variants; a literal match on ../ misses %2e%2e%2f. Any hit on test.php is worth a look, since the script has no business being reachable in production.
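The log indicators above, applied to access-log lines with the URL decoding the SIEM query alone does not do. This is an added example written for this page, not a detection shipped by any vendor; it assumes the Apache/Nginx combined log format and the File parameter name used in this advisory, and the sample lines are constructed (documentation IP ranges, no real hosts).

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/Nginx "combined" access log line; referer and user agent after the size are ignored.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # ../ or ..\ as a whole path component
WIN_ABS = re.compile(r"^[A-Za-z]:[\\/]")           # C:\ style absolute path


def decode_fully(value, rounds=3):
    """Undo stacked percent-encoding (%252e -> %2e -> .) until the value stops changing."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_path(value):
    """'traversal' for anything that escapes the intended directory, else 'plain'."""
    v = decode_fully(value)
    if "\x00" in v or TRAVERSAL.search(v) or v.startswith("/") or WIN_ABS.match(v):
        return "traversal"
    return "plain"


def inspect_request(line):
    """Return a finding for a request that reaches test.php with a File parameter, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    if target.path.lower().rsplit("/", 1)[-1] != "test.php":
        return None
    # parse_qs removes one layer of percent-encoding; match the name case-insensitively
    params = parse_qs(target.query, keep_blank_values=True)
    values = [v for k, vs in params.items() if k.lower() == "file" for v in vs]
    if not values:
        return None
    kinds = {classify_path(v) for v in values}
    return {
        "client": m["client"],
        "time": m["time"],
        "status": int(m["status"]),
        "file": values,
        # traversal beats plain; a 'plain' hit still proves the script is reachable
        "severity": "traversal" if "traversal" in kinds else "access",
        # an attempt the server answered with 2xx is the one to escalate first
        "served": m["status"].startswith("2"),
    }


def scan(lines):
    """Run inspect_request over every log line and keep the findings."""
    return [f for f in (inspect_request(line) for line in lines) if f]


# Constructed sample log (not captured traffic): three traversal attempts, one of them
# double-encoded and blocked with 403, one plain use of the script, one unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2023:12:00:01 +0000] "GET /vendor/nuovo/spreadsheet-reader/test.php?File=../../../../etc/passwd HTTP/1.1" 200 1843 "-" "curl/7.88.1"
203.0.113.5 - - [10/Apr/2023:12:00:02 +0000] "GET /vendor/nuovo/spreadsheet-reader/test.php?File=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843 "-" "curl/7.88.1"
203.0.113.5 - - [10/Apr/2023:12:00:03 +0000] "GET /vendor/nuovo/spreadsheet-reader/test.php?File=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 403 199 "-" "curl/7.88.1"
198.51.100.7 - - [10/Apr/2023:12:00:04 +0000] "GET /vendor/nuovo/spreadsheet-reader/test.php?file=uploads/report.xlsx HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Apr/2023:12:00:05 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

Feed scan() the lines of a real access log; findings with severity "traversal" and served True are confirmed reads and should be escalated, a 403 on the same pattern shows the .htaccess workaround doing its job, and an "access" finding means the script is reachable and should be removed even if nobody has attacked it yet.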