CVE-2023-31585
📋 TL;DR
Grocery-CMS-PHP-Restful-API v1.3 has an unrestricted file upload vulnerability in the /admin/add-category.php endpoint that allows attackers to upload malicious files. This affects any system running the vulnerable version of this PHP-based grocery store content management system. Attackers can achieve remote code execution by uploading webshells or other malicious scripts.
💻 Affected Systems
- Grocery-CMS-PHP-Restful-API
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via remote code execution, data theft, defacement, and lateral movement within the network.
Likely Case
Webshell deployment leading to data exfiltration, backdoor persistence, and potential ransomware deployment.
If Mitigated
File upload attempts are blocked or logged, preventing successful exploitation while maintaining system functionality.
🎯 Exploit Status
Exploitation requires admin access to the /admin/add-category.php endpoint. The vulnerability is well-documented with proof-of-concept available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Check if newer versions exist on the GitHub repository. 2. If no patch exists, implement workarounds or consider alternative software.
🔧 Temporary Workarounds
Restrict file upload types
allModify add-category.php to only allow specific image file types and validate file extensions.
Edit /admin/add-category.php to add file type validation before processing uploads
Disable vulnerable endpoint
allTemporarily disable or restrict access to /admin/add-category.php
Add authentication check or IP restriction to /admin/add-category.php
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block malicious file uploads
- Restrict admin panel access to specific IP addresses only
🔍 How to Verify
Check if Vulnerable:
Check if /admin/add-category.php exists and allows file uploads without proper validation. Test by attempting to upload a non-image file.Check Version:
Check the software version in the application files or configurationVerify Fix Applied:
Attempt to upload a malicious file (e.g., .php file) to /admin/add-category.php and verify it's rejected.📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /admin/add-category.php
- Uploads of non-image file types
- Multiple failed upload attempts
Network Indicators:
- POST requests to /admin/add-category.php with file uploads
- Unusual outbound connections after file uploads
SIEM Query:
source="web_logs" AND uri="/admin/add-category.php" AND method="POST" AND file_upload="true"