CVE-2023-33558

7.5 HIGH

📋 TL;DR

This vulnerability in Ocomon's users-grid-data.php component allows attackers to access sensitive user information including emails and usernames without proper authentication. It affects Ocomon installations before version 4.0.1, potentially exposing user data to unauthorized parties.

💻 Affected Systems

Products:
  • Ocomon
Versions: All versions before 4.0.1
Operating Systems: Any OS running Ocomon
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Ocomon installations with the vulnerable component accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could harvest all user emails and usernames, enabling targeted phishing campaigns, credential stuffing attacks, or identity theft against the organization's user base.

🟠 Likely Case

Attackers will collect user email addresses and usernames for spam lists, credential stuffing databases, or reconnaissance for further attacks.

🟢 If Mitigated

With proper network segmentation and access controls, only authorized internal users could access the data, limiting exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability appears to be a direct information disclosure via improper access controls in the PHP component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.1

Vendor Advisory: https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357def478b11119270b89329fceb115f12c69fc

Restart Required: No

Instructions:

1. Download Ocomon v4.0.1 or later from official sources.
2. Back up the current installation.
3. Replace users-grid-data.php with the patched version.
4. Verify functionality.

🔧 Temporary Workarounds

Access Restriction

Restrict access to users-grid-data.php via web server configuration or firewall rules.

# Apache (2.4+ syntax):
<Location /path/to/users-grid-data.php>
    Require all denied
</Location>

# Nginx:
location ~ /users-grid-data\.php$ {
    deny all;
}

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Ocomon instance.
  • Monitor access logs for unauthorized requests to users-grid-data.php.

🔍 How to Verify

Check if Vulnerable:

Check if Ocomon version is below 4.0.1 and if users-grid-data.php is accessible without authentication.

Check Version:

Check Ocomon admin panel or version file in installation directory.

Verify Fix Applied:

Verify Ocomon version is 4.0.1 or higher and test that users-grid-data.php no longer discloses sensitive information.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to users-grid-data.php from unauthorized IPs
  • Unusual access patterns to user data endpoints

Network Indicators:

  • Traffic to users-grid-data.php from external sources
  • Data exfiltration patterns

SIEM Query:

source="web_logs" AND uri="*users-grid-data.php*" AND NOT src_ip IN (authorized_ips)
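The same logic as the SIEM query above, run offline over web server access logs, as an added example that is not part of this advisory or of Ocomon itself. The log lines are constructed, the /ocomon/ path prefix and the 10.0.0.0/8 allowlist are assumptions, and the example goes one step beyond the query by separating requests the server already blocked from 2xx responses that actually disclosed data.

```python
import re
import ipaddress
from collections import Counter

# Combined log format (Apache/Nginx default). Fields used: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
TARGET = "users-grid-data.php"

# Constructed sample lines (not real traffic); the /ocomon/ prefix is an assumption.
SAMPLE_LOG = """\
10.0.0.15 - - [10/Jun/2023:09:12:01 +0000] "GET /ocomon/users-grid-data.php?page=1 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.42 - - [10/Jun/2023:09:13:07 +0000] "GET /ocomon/users-grid-data.php HTTP/1.1" 200 45012 "-" "python-requests/2.31"
203.0.113.42 - - [10/Jun/2023:09:13:09 +0000] "GET /ocomon/users-grid-data.php?page=2 HTTP/1.1" 200 44987 "-" "python-requests/2.31"
10.0.0.15 - - [10/Jun/2023:09:14:00 +0000] "GET /ocomon/index.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jun/2023:09:15:22 +0000] "GET /ocomon/users-grid-data.php HTTP/1.1" 403 199 "-" "curl/8.1"
"""

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_unauthorized_hits(log_text, authorized_cidrs):
    """Requests for users-grid-data.php from source IPs outside the authorized ranges.
    'disclosed' is True only for 2xx responses, so probes the web server already
    rejected (e.g. after the Apache/Nginx workaround) are distinguishable."""
    nets = [ipaddress.ip_network(c) for c in authorized_cidrs]
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or TARGET not in rec["path"].split("?", 1)[0]:
            continue
        ip = ipaddress.ip_address(rec["ip"])
        if any(ip in n for n in nets):
            continue
        status = int(rec["status"])
        hits.append({"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"],
                     "status": status, "disclosed": 200 <= status < 300})
    return hits

def disclosures_by_ip(hits):
    """Successful (2xx) responses per source IP; several pages from one address
    is the pattern of bulk harvesting of the user list."""
    return Counter(h["ip"] for h in hits if h["disclosed"])

if __name__ == "__main__":
    found = find_unauthorized_hits(SAMPLE_LOG, ["10.0.0.0/8"])
    for h in found:
        print(h)
    print(disclosures_by_ip(found))
```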
