CVE-2023-36097

9.8 CRITICAL

📋 TL;DR

Funadmin v3.3.2 and v3.3.3 contain an insecure file upload vulnerability in the plugins installation feature. Attackers can upload malicious files, potentially leading to remote code execution. Any system running these vulnerable versions is affected.

💻 Affected Systems

Products:
  • funadmin
Versions: v3.3.2, v3.3.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with plugins installation functionality enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via remote code execution, allowing attackers to install backdoors, steal data, or pivot to other systems.

🟠 Likely Case

Webshell deployment leading to unauthorized access, data exfiltration, or further exploitation of the server.

🟢 If Mitigated

Limited impact if file uploads are restricted to trusted sources and proper file validation is implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to access the plugins installation feature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.3.4 or later

Vendor Advisory: https://github.com/funadmin/funadmin/issues/17

Restart Required: No

Instructions:

1. Back up your current installation.
2. Download the latest version from the official repository.
3. Replace the vulnerable files with the patched version.
4. Verify the installation.

🔧 Temporary Workarounds

Disable plugins installation (applies to: all)

Temporarily disable the plugins installation feature to prevent exploitation: modify the application configuration to disable the plugins upload functionality.

Implement file upload restrictions (applies to: all)

Configure the web server (Apache/Nginx) to restrict uploads to specific extensions, validate file types, and block uploads of executable files.
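The web-server restrictions above stop scripts from being served, but the upload handler itself should also refuse a package that is not what it claims to be. The following is an added example of such application-side validation for a plugin package; it is not Funadmin's code, and the extension lists, the assumption that plugins are shipped as zip archives, and the sample packages are all constructed for this illustration:

```python
import io
import os
import posixpath
import zipfile

# Allow-list for the uploaded package itself and deny-list for what may be
# inside it. Both lists are assumptions for this example, not Funadmin's own
# configuration.
ALLOWED_PACKAGE_EXTENSIONS = {"zip"}
BLOCKED_ENTRY_EXTENSIONS = {
    "php", "php5", "phtml", "phar", "jsp", "jspx", "asp", "aspx", "exe", "sh",
}
ZIP_MAGIC = b"PK\x03\x04"


def _extension(name: str) -> str:
    """Lower-cased text after the last dot, or '' if there is no dot."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def validate_plugin_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for a candidate plugin package.

    Accepts only a bare file name with an allowed extension whose content is a
    real zip archive, and whose entries are relative paths that neither escape
    the extraction directory nor carry a server-executable extension.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        return False, "filename must be a bare file name without path components"
    if _extension(base) not in ALLOWED_PACKAGE_EXTENSIONS:
        return False, f"package extension '{_extension(base)}' is not allowed"
    # Check the content, not just the name: a renamed script is not an archive.
    if not data.startswith(ZIP_MAGIC):
        return False, "content does not start with a zip signature"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                entry = info.filename.replace("\\", "/")
                if entry.startswith("/"):
                    return False, f"entry '{entry}' uses an absolute path"
                norm = posixpath.normpath(entry)
                if norm == ".." or norm.startswith("../"):
                    return False, f"entry '{entry}' escapes the plugin directory"
                if not info.is_dir() and _extension(posixpath.basename(entry)) in BLOCKED_ENTRY_EXTENSIONS:
                    return False, f"entry '{entry}' has a server-executable extension"
    except zipfile.BadZipFile:
        return False, "content is not a readable zip archive"
    return True, "ok"


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip archive (used only to construct sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in entries.items():
            archive.writestr(name, content)
    return buf.getvalue()


# Constructed sample packages for the checks below.
CLEAN_PACKAGE = build_zip({
    "demo_plugin/info.ini": b"name = demo\nversion = 1.0\n",
    "demo_plugin/static/app.js": b"// front-end asset\n",
})
PHP_PACKAGE = build_zip({
    "demo_plugin/info.ini": b"name = demo\n",
    "demo_plugin/cmd.php": b"placeholder content, never executed by this example\n",
})
TRAVERSAL_PACKAGE = build_zip({"../outside.txt": b"x\n"})


def run_checks() -> dict[str, tuple[bool, str]]:
    """Run the validator over the constructed samples and return each verdict."""
    return {
        "clean": validate_plugin_upload("demo_plugin.zip", CLEAN_PACKAGE),
        "php_inside": validate_plugin_upload("demo_plugin.zip", PHP_PACKAGE),
        "traversal": validate_plugin_upload("demo_plugin.zip", TRAVERSAL_PACKAGE),
        "bad_extension": validate_plugin_upload("demo_plugin.php", CLEAN_PACKAGE),
        "not_a_zip": validate_plugin_upload("demo_plugin.zip", b"plain text, not an archive"),
        "path_in_name": validate_plugin_upload("../demo_plugin.zip", CLEAN_PACKAGE),
    }


if __name__ == "__main__":
    for label, (accepted, reason) in run_checks().items():
        print(f"{label:14} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
```

The content check matters more than the name check: an extension allow-list alone is defeated by a script renamed to `.zip`, and an archive check alone is defeated by a script packed inside a valid archive, so both the signature and every entry are inspected before anything is extracted. Even with this in place, the web server should still be configured not to execute scripts from the plugins directory, as the workaround above describes.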

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy web application firewall with file upload protection rules

🔍 How to Verify

Check if Vulnerable:

Check the application version in the admin panel or configuration files. If version is v3.3.2 or v3.3.3, the system is vulnerable.

Check Version:

Check the version in the admin dashboard or examine the application's configuration files.

Verify Fix Applied:

Verify that the application version is v3.3.4 or later, and confirm in a test environment that the plugins installation feature now rejects test uploads of executable file types.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to plugins directory
  • Multiple failed upload attempts
  • Uploads of executable files

Network Indicators:

  • HTTP POST requests to plugins installation endpoints with unusual file extensions

SIEM Query:

source="web_server" AND (uri="/admin/plugins/install" OR uri="/plugins/install") AND method="POST" AND file_extension IN ("php", "jsp", "asp", "exe")
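The log indicators and the SIEM query above can be turned into a small offline detector. The following is an added example, not part of the advisory: it runs the query's logic (POST to either install endpoint with an executable file extension) over constructed JSON log lines and also implements the "multiple failed upload attempts" indicator with an assumed threshold. The `upload_filename` field is an assumption, in the same way that the query assumes a populated `file_extension` field: a proxy or WAF has to extract the multipart file name and log it.

```python
import json
from collections import Counter

# Constructed sample log, one JSON object per line (as a reverse proxy or WAF
# configured for JSON logging might emit). The "upload_filename" field is an
# assumption for this example.
SAMPLE_LOG = """\
{"ts": "2024-01-10T10:00:01Z", "client": "10.0.0.5", "method": "GET", "uri": "/admin/plugins/index", "status": 200, "upload_filename": null}
{"ts": "2024-01-10T10:00:09Z", "client": "10.0.0.5", "method": "POST", "uri": "/admin/plugins/install", "status": 200, "upload_filename": "demo_plugin.zip"}
{"ts": "2024-01-10T10:03:12Z", "client": "203.0.113.9", "method": "POST", "uri": "/admin/plugins/install", "status": 200, "upload_filename": "shell.php"}
{"ts": "2024-01-10T10:03:20Z", "client": "203.0.113.9", "method": "POST", "uri": "/plugins/install", "status": 403, "upload_filename": "a.exe"}
{"ts": "2024-01-10T10:03:25Z", "client": "203.0.113.9", "method": "POST", "uri": "/plugins/install", "status": 403, "upload_filename": "b.jsp"}
{"ts": "2024-01-10T10:03:31Z", "client": "203.0.113.9", "method": "POST", "uri": "/plugins/install", "status": 403, "upload_filename": "c.asp"}
{"ts": "2024-01-10T10:04:00Z", "client": "10.0.0.7", "method": "POST", "uri": "/admin/login", "status": 401, "upload_filename": null}
"""

INSTALL_ENDPOINTS = {"/admin/plugins/install", "/plugins/install"}  # from the SIEM query above
EXECUTABLE_EXTENSIONS = {"php", "jsp", "asp", "exe"}                 # from the SIEM query above
FAILED_ATTEMPT_THRESHOLD = 3  # assumed threshold for "multiple failed upload attempts"


def file_extension(name):
    """Lower-cased extension of an upload file name, or '' when absent."""
    if not name or "." not in name:
        return ""
    return name.rsplit(".", 1)[-1].lower()


def parse_log(text):
    """Yield one dict per non-empty JSON log line."""
    for line in text.splitlines():
        if line.strip():
            yield json.loads(line)


def find_alerts(text):
    """Return a list of alert dicts for the two indicators.

    executable_upload: POST to an install endpoint carrying an executable
    extension; severity is high when the server accepted it (status < 400),
    because that is the case where a webshell may now be on disk.
    repeated_failed_uploads: a client with >= FAILED_ATTEMPT_THRESHOLD
    rejected POSTs to the install endpoints.
    """
    alerts = []
    failures = Counter()
    for rec in parse_log(text):
        if rec["method"] != "POST" or rec["uri"] not in INSTALL_ENDPOINTS:
            continue
        if file_extension(rec.get("upload_filename")) in EXECUTABLE_EXTENSIONS:
            alerts.append({
                "rule": "executable_upload",
                "severity": "high" if rec["status"] < 400 else "medium",
                "client": rec["client"],
                "ts": rec["ts"],
                "uri": rec["uri"],
                "filename": rec["upload_filename"],
            })
        if rec["status"] >= 400:
            failures[rec["client"]] += 1
    for client, count in sorted(failures.items()):
        if count >= FAILED_ATTEMPT_THRESHOLD:
            alerts.append({
                "rule": "repeated_failed_uploads",
                "severity": "medium",
                "client": client,
                "count": count,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

On the sample log this raises four executable_upload alerts and one repeated_failed_uploads alert; the accepted upload of `shell.php` from 203.0.113.9 is the only high-severity hit, and it is the one that warrants checking the plugins directory on disk rather than only the logs. The normal `demo_plugin.zip` install from 10.0.0.5 and the unrelated login failure produce nothing.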

🔗 References
