CVE-2023-36212

8.8 HIGH

📋 TL;DR

CVE-2023-36212 is a file upload vulnerability in Total CMS v1.7.4 that allows remote attackers to upload crafted PHP files through the edit page function, leading to arbitrary code execution. This affects all systems running Total CMS v1.7.4 with the vulnerable edit page functionality enabled. Attackers can gain complete control of affected web servers.

💻 Affected Systems

Products:
  • Total CMS
Versions: v1.7.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the edit page functionality which appears to be enabled by default. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise with attacker gaining root/admin access, data exfiltration, ransomware deployment, and use as pivot point for lateral movement.

🟠 Likely Case

Webshell upload leading to website defacement, data theft, and backdoor persistence on the server.

🟢 If Mitigated

Attack blocked at the web application firewall (WAF) level, with file upload restrictions preventing PHP execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Multiple public exploits available requiring authentication to the edit page. Exploitation is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement workarounds.

🔧 Temporary Workarounds

Restrict PHP File Uploads

all

Configure the web server to block PHP file uploads, or to refuse PHP execution from upload directories

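# For Apache 2.4+: add to .htaccess in the upload directory
# (Apache 2.2 uses "Order Deny,Allow" / "Deny from all" instead)
<FilesMatch "(?i)\.php$">
    Require all denied
</FilesMatch>
# For Nginx: add to the server block, before the general PHP handler location.
# Scope the rule to the upload path so the CMS's own PHP pages keep working.
# /uploads/ is a placeholder; substitute the site's upload URI prefix.
location ~* ^/uploads/.*\.php$ {
    return 403;
}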

Disable Edit Page Function

all

Remove or disable the vulnerable edit page functionality

# Remove or rename the edit page file
mv /path/to/edit_page.php /path/to/edit_page.php.disabled

🧯 If You Can't Patch

  • Implement strict file upload validation: only allow specific file types, validate file extensions, and scan uploaded files
  • Deploy WAF rules to block PHP file uploads and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check if running Total CMS v1.7.4 and if edit page functionality is accessible

Check Version:

Check CMS configuration files or admin panel for version information

Verify Fix Applied:

Attempt to upload a PHP file through the edit page; the upload should be blocked or fail

📡 Detection & Monitoring

Log Indicators:

  • PHP file uploads to edit page endpoint
  • Unusual file uploads with .php extension
  • Multiple failed upload attempts

Network Indicators:

  • POST requests to edit page with file uploads
  • Unusual outbound connections from web server

SIEM Query:

source="web_logs" AND (uri="/edit_page" OR uri="*edit*php") AND (method="POST" AND file_extension=".php")
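
Standard access logs record the request line but not the name of an uploaded file, so a field such as file_extension is often unavailable. The following added example (not part of the original advisory or of Total CMS) correlates the log and network indicators above instead: a POST to the edit page followed shortly by a successful request for a script in the upload area. The combined log format, the /edit_page and /uploads/ paths, and the 10-minute window are assumptions; the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumptions (not from the advisory): "combined" access log format, an edit
# endpoint whose URI contains "edit", and uploads served from /uploads/.
EDIT_RE = re.compile(r"edit", re.I)
UPLOAD_PHP_RE = re.compile(r"^/uploads/.*\.(php\d?|phtml|phar)(\?|$)", re.I)
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
WINDOW = timedelta(minutes=10)

# Constructed sample log lines, for illustration only.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jul/2023:10:01:02 +0000] "POST /edit_page HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.7 - - [12/Jul/2023:10:01:09 +0000] "GET /uploads/logo.php HTTP/1.1" 200 48 "-" "curl/8.0"
198.51.100.4 - - [12/Jul/2023:10:02:00 +0000] "POST /edit_page HTTP/1.1" 200 734 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Jul/2023:10:02:05 +0000] "GET /uploads/banner.png HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Jul/2023:11:30:00 +0000] "GET /uploads/old.php HTTP/1.1" 403 153 "-" "Mozilla/5.0"
"""

def parse(lines):
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], ts, m["method"], m["uri"], int(m["status"])

def find_upload_then_execute(lines):
    """Return (ip, post_uri, script_uri) where a POST to the edit endpoint is
    followed within WINDOW by a successful request for a script in /uploads/."""
    last_post = {}  # ip -> (timestamp, uri) of the most recent edit-page POST
    hits = []
    for ip, ts, method, uri, status in parse(lines):
        if method == "POST" and EDIT_RE.search(uri):
            last_post[ip] = (ts, uri)
        elif UPLOAD_PHP_RE.match(uri) and status < 400 and ip in last_post:
            post_ts, post_uri = last_post[ip]
            if ts - post_ts <= WINDOW:
                hits.append((ip, post_uri, uri))
    return hits

if __name__ == "__main__":
    for hit in find_upload_then_execute(SAMPLE_LOG.splitlines()):
        print("ALERT upload-then-execute:", hit)
```

A 403 on a script under the upload path, as in the last sample line, indicates the web server restriction is working and is not reported.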
