CVE-2023-36345

8.8 HIGH

📋 TL;DR

A Cross-Site Request Forgery (CSRF) vulnerability in POS Codekop v2.0 allows an attacker to trick an authenticated user into performing unintended actions, potentially leading to privilege escalation. It affects every POS Codekop v2.0 deployment with administrative or user accounts, since any of those accounts can be made to submit a forged state-changing request that grants the attacker higher privileges.

💻 Affected Systems

Products:
  • POS Codekop
Versions: v2.0
Operating Systems: Any OS running POS Codekop
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of POS Codekop v2.0 are vulnerable unless specifically hardened against CSRF.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers gain administrative privileges, allowing full system compromise, data theft, and complete control over the POS system.

🟠 Likely Case

Attackers escalate privileges to perform unauthorized transactions, modify pricing, or access sensitive customer data.

🟢 If Mitigated

With proper CSRF protections, the attack fails and user sessions remain secure with no privilege escalation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated user into visiting a malicious page. Public proof-of-concept videos demonstrate the attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider implementing CSRF tokens in all state-changing requests or upgrading to a secure version if available.

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)

Add CSRF tokens to all forms and state-changing endpoints in the application code.

Manual code modification required: add CSRF token generation and validation to all POST/PUT/DELETE endpoints, and compare tokens with a constant-time check so a forged token cannot be guessed character by character.

SameSite Cookie Attribute (applies to: all)

Set SameSite=Strict or SameSite=Lax on session cookies so the browser withholds the session cookie on cross-site requests. Note that Lax still sends the cookie on top-level GET navigations, so no state-changing action may be reachable via GET.

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
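The two workarounds above, combined in one added example that is not POS Codekop's own code: a session-bound CSRF token (synchronizer pattern) minted per form render and validated with a constant-time comparison, plus a builder for the hardened Set-Cookie line. SERVER_SECRET, the session ids and the handler are constructed for illustration.

```python
import hmac
import hashlib
import secrets
from typing import Optional

# Constructed server-side secret; a real deployment loads this from configuration.
SERVER_SECRET = b"constructed-server-secret-do-not-reuse"


def issue_csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Mint a token of the form <nonce>.<HMAC(secret, session_id|nonce)>.

    The HMAC binds the token to the session, so a token taken from one session
    cannot be replayed in another; the nonce keeps each form render unique.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def validate_csrf_token(session_id: str, token: Optional[str], secret: bytes = SERVER_SECRET) -> bool:
    """Accept only a well-formed token whose MAC matches this session.

    hmac.compare_digest runs in constant time, so a forged token cannot be
    refined by observing how long validation takes.
    """
    if not token or "." not in token:
        return False
    nonce, _, presented = token.partition(".")
    if len(presented) != 64 or any(c not in "0123456789abcdef" for c in presented):
        return False
    expected = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, presented)


def session_cookie_header(session_value: str, same_site: str = "Strict") -> str:
    """Build the hardened Set-Cookie line from the workaround above."""
    if same_site not in ("Strict", "Lax"):
        raise ValueError("SameSite must be Strict or Lax to defend against CSRF")
    return f"Set-Cookie: session={session_value}; SameSite={same_site}; Secure; HttpOnly"


def handle_state_change(session_id: str, form: dict) -> int:
    """Simulated POST handler: 403 unless the submitted token validates for this session."""
    if not validate_csrf_token(session_id, form.get("csrf_token")):
        return 403
    return 200
```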

🧯 If You Can't Patch

  • Implement web application firewall rules to detect and block CSRF attempts
  • Require re-authentication for sensitive actions and implement double-submit cookie pattern

🔍 How to Verify

Check if Vulnerable:

Check if your POS Codekop installation is version 2.0. Test by attempting to submit a form without CSRF tokens from a different origin.

Check Version:

Check application version in admin panel or configuration files

Verify Fix Applied:

Verify that all forms include CSRF tokens and that state-changing requests validate these tokens. Test that cross-origin requests are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed privilege escalation attempts
  • Unusual admin actions from non-admin users
  • Requests missing CSRF tokens

Network Indicators:

  • Cross-origin requests to sensitive endpoints
  • Requests with mismatched referer headers

SIEM Query:

source="web_logs" AND (uri="/admin/*" OR uri="/user/*") AND (status=200 OR status=302) AND referer NOT CONTAINS "yourdomain.com"
