CVE-2023-30264

9.8 CRITICAL

📋 TL;DR

CLTPHP versions up to 6.0 are vulnerable to unrestricted file upload via the Template.php:update function, allowing attackers to upload malicious files like webshells. This affects all users running vulnerable versions, potentially leading to remote code execution.

💻 Affected Systems

Products:
  • CLTPHP
Versions: <= 6.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the admin controller, but may be accessible without proper authentication checks.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise via remote code execution, data theft, or ransomware deployment.

🟠 Likely Case: Unauthorized file upload leading to webshell installation and server control.

🟢 If Mitigated: Limited impact if file uploads are restricted or monitored, but risk persists.

🌐 Internet-Facing: HIGH, as the vulnerability is exploitable remotely without authentication.
🏢 Internal Only: MEDIUM, as internal attackers could exploit it, but external exposure is higher risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available, making it easy for attackers to weaponize.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Upgrade to a version above 6.0 if available; otherwise, apply workarounds or consider alternative software.

🔧 Temporary Workarounds

Restrict file upload types

all

Modify Template.php to validate file extensions and MIME types before an upload is accepted.

Edit application/admin/controller/Template.php to add validation checks.

Disable vulnerable endpoint

all

Temporarily disable or restrict access to the update function in Template.php.

Comment out or remove the update method in Template.php.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious file uploads.
  • Monitor file upload logs for suspicious activity and restrict server permissions.

🔍 How to Verify

Check if Vulnerable:

Check if CLTPHP version is <= 6.0 and review Template.php for lack of file validation.

Check Version:

Check version in CLTPHP configuration files or admin panel.

Verify Fix Applied:

Test file upload with malicious extensions; if blocked, fix is applied.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to Template.php endpoint, especially with .php or .exe extensions.

Network Indicators:

  • HTTP POST requests to /application/admin/controller/Template.php with file uploads.

SIEM Query:

source="web_logs" AND uri="/application/admin/controller/Template.php" AND method="POST" AND file_upload="true"
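
The log indicators and SIEM query above, written as an offline triage script. This is an added example, not part of the original advisory or of CLTPHP. It assumes JSON-lines web logs with hypothetical fields `src_ip`, `method`, `uri`, `content_type` and `upload_filename`, treats a multipart POST as the query's `file_upload="true"`, and extends the page's .php/.exe list with .phtml and .phar.

```python
import json
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Endpoint path as given in the page's network indicator and SIEM query.
ENDPOINT = "/application/admin/controller/Template.php"
# .php and .exe come from the page; .phtml and .phar are an added assumption.
RISKY_EXTS = {".php", ".exe", ".phtml", ".phar"}

def risky_suffixes(filename):
    """Risky extensions anywhere in the name, so 'logo.php.jpg' is still caught."""
    name = unquote(filename).strip().rstrip(". ").lower()
    return sorted(set(PurePosixPath(name).suffixes) & RISKY_EXTS)

def classify(event):
    """Return 'high', 'review' or None for one parsed log event (a dict)."""
    path = urlsplit(event.get("uri") or "").path.lower()
    if (event.get("method") or "").upper() != "POST" or path != ENDPOINT.lower():
        return None
    # Assumption: a multipart body stands in for the query's file_upload="true".
    if not (event.get("content_type") or "").lower().startswith("multipart/form-data"):
        return None
    return "high" if risky_suffixes(event.get("upload_filename") or "") else "review"

def scan(lines):
    alerts = []  # (line_no, severity, src_ip, filename) per matching line
    for n, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        severity = classify(event) if isinstance(event, dict) else None
        if severity:
            alerts.append((n, severity, event.get("src_ip"), event.get("upload_filename")))
    return alerts

def make_line(ip, method, uri, fname=None, ctype="multipart/form-data; boundary=x"):
    return json.dumps({"src_ip": ip, "method": method, "uri": uri,
                       "content_type": ctype, "upload_filename": fname})

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    make_line("198.51.100.7", "POST", ENDPOINT + "?t=1", "theme.PHP"),
    make_line("198.51.100.7", "POST", ENDPOINT, "logo.php.jpg"),
    make_line("203.0.113.5", "POST", ENDPOINT, "index.html"),
    make_line("203.0.113.5", "GET", ENDPOINT, ctype=""),
    "not json",
]
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

"high" marks an upload whose name carries a risky extension; "review" marks any other multipart POST to the endpoint, which still deserves a look on a server that should not be receiving template uploads.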
