CVE-2023-33601

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to upload arbitrary PHP files through the admin upload functionality in phpok v6.4.100, leading to remote code execution. Any organization running the affected phpok version with the admin interface accessible is at risk.

💻 Affected Systems

Products:
  • phpok
Versions: v6.4.100
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires access to /admin.php?c=upload endpoint, which may be protected by authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the web server, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Webshell deployment leading to data theft, defacement, or use as a foothold for further attacks.

🟢 If Mitigated

Attack blocked at WAF or prevented by proper access controls, resulting in no impact.

🌐 Internet-Facing: HIGH - Admin interfaces exposed to the internet are directly exploitable.
🏢 Internal Only: MEDIUM - Requires attacker to have internal network access or compromised credentials.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin access or authentication bypass to reach the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor for updated version

Vendor Advisory: https://gitee.com/phpok/phpok/issues/I72D24

Restart Required: No

Instructions:

1. Check the current phpok version.
2. Update to the latest patched version from the vendor.
3. Verify that the upload functionality is secured.

🔧 Temporary Workarounds

Restrict Admin Access (all platforms)

Limit access to /admin.php endpoints to trusted IP addresses only.

# Apache
<Location /admin.php>
    Require ip 192.168.1.0/24
</Location>

# Nginx
location /admin.php {
    allow 192.168.1.0/24;
    deny all;
}

File Upload Validation (all platforms)

Implement server-side file type validation and restrict uploads to safe extensions. The check must be case-insensitive and use strict comparison, otherwise a file named shell.PHP passes an allowlist of lowercase extensions.

# Example PHP validation
$ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
if (!in_array($ext, ['jpg', 'png'], true)) {
    die('Invalid file type');
}
// Extension checks alone are not sufficient: also verify the content type
// (e.g. finfo_file()) and store uploads outside the web root.

🧯 If You Can't Patch

  • Disable the upload functionality entirely if not required.
  • Implement a Web Application Firewall (WAF) with rules to block PHP file uploads to admin endpoints.

🔍 How to Verify

Check if Vulnerable:

Check if phpok version is 6.4.100 and test if PHP files can be uploaded via /admin.php?c=upload.

Check Version:

Check phpok configuration files or admin panel for version information.

Verify Fix Applied:

Attempt to upload a PHP file after patching; it should be rejected or sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to /admin.php?c=upload
  • POST requests with PHP file extensions in upload parameters

Network Indicators:

  • HTTP POST requests to /admin.php?c=upload with file upload content

SIEM Query:

source="web_logs" AND uri="/admin.php?c=upload" AND method="POST" AND file_extension="php"
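The detection logic above, as an added example that is not part of the original advisory: it parses constructed JSON-lines upload audit events (the field names src_ip, method, uri and upload_filename are assumed, not a real phpok or web-server log format) and flags admin uploads of PHP-executable files. It goes further than the SIEM query by matching c=upload inside any query string (an exact match on "/admin.php?c=upload" misses "/admin.php?c=upload&f=save") and by catching uppercase, double and alternative PHP extensions.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Extensions a PHP handler will typically execute; matching "php" alone misses most of these.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps"}


def has_php_extension(filename: str) -> bool:
    """True if any extension segment is PHP-executable: catches 'shell.PHP',
    'image.php.jpg' (double extension) and 'shell.php.' (trailing dot)."""
    segments = filename.strip().lower().rstrip(".").split(".")
    return any(seg in PHP_EXTENSIONS for seg in segments[1:])


def is_admin_upload(method: str, uri: str) -> bool:
    """POST to /admin.php whose query string carries c=upload, whatever other
    parameters are present."""
    if method.upper() != "POST":
        return False
    parts = urlsplit(uri)
    return parts.path == "/admin.php" and "upload" in parse_qs(parts.query).get("c", [])


def flag_php_uploads(log_lines):
    """Return (src_ip, upload_filename) for every admin upload of a PHP-executable file."""
    hits = []
    for line in log_lines:
        if not line.strip():
            continue
        event = json.loads(line)
        if is_admin_upload(event.get("method", ""), event.get("uri", "")) \
                and has_php_extension(event.get("upload_filename", "")):
            hits.append((event.get("src_ip", "?"), event["upload_filename"]))
    return hits


# Constructed sample events (hypothetical audit-log format, not real traffic).
SAMPLE_LOG = [
    '{"src_ip": "203.0.113.5", "method": "POST", "uri": "/admin.php?c=upload&f=save", "upload_filename": "shell.PHP"}',
    '{"src_ip": "192.0.2.10", "method": "POST", "uri": "/admin.php?c=upload", "upload_filename": "logo.png"}',
    '{"src_ip": "192.0.2.10", "method": "GET", "uri": "/admin.php?c=upload", "upload_filename": ""}',
    '{"src_ip": "203.0.113.5", "method": "POST", "uri": "/admin.php?c=upload", "upload_filename": "image.php.jpg"}',
    '{"src_ip": "192.0.2.10", "method": "POST", "uri": "/index.php?c=upload", "upload_filename": "x.php"}',
    '{"src_ip": "198.51.100.7", "method": "POST", "uri": "/admin.php?c=upload", "upload_filename": "backdoor.phtml"}',
]

if __name__ == "__main__":
    for src_ip, name in flag_php_uploads(SAMPLE_LOG):
        print(f"ALERT {src_ip} uploaded PHP-executable file {name!r} via admin upload")
```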
