CVE-2023-39147

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to upload malicious image files to Uvdesk 1.1.3, which can lead to remote code execution on the server. Any organization running the affected version of Uvdesk is vulnerable to complete system compromise.

💻 Affected Systems

Products:
  • Uvdesk
Versions: 1.1.3
Operating Systems: All platforms running Uvdesk
Default Config Vulnerable: ⚠️ Yes
Notes: Any Uvdesk installation with file upload functionality enabled is vulnerable

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full server compromise leading to data theft, ransomware deployment, or use as a pivot point into internal networks

🟠 Likely Case: Webshell installation allowing persistent backdoor access and data exfiltration

🟢 If Mitigated: File upload blocked or properly validated, preventing exploitation

🌐 Internet-Facing: HIGH - Web applications with file upload functionality are prime targets for automated attacks
🏢 Internal Only: MEDIUM - Internal attackers could still exploit, but attack surface is reduced

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code is available on Packet Storm; exploitation requires only web access to the vulnerable upload endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.4 or later

Vendor Advisory: https://github.com/uvdesk/community-skeleton/releases

Restart Required: Yes

Instructions:

1. Back up the current installation and database.
2. Download the latest version from the official repository.
3. Replace the files with the patched version.
4. Clear the cache and restart the web server.

🔧 Temporary Workarounds

Disable file upload functionality (applies to: all)

Temporarily disable image/file upload features in the Uvdesk configuration: edit the Uvdesk configuration to remove upload endpoints or restrict them to admin-only.

Web Application Firewall rules (applies to: all)

Block malicious file uploads at the WAF level: add WAF rules to block file uploads that contain PHP/executable code inside image files.

🧯 If You Can't Patch

  • Implement strict file type validation and content inspection for all uploads
  • Run Uvdesk in a containerized environment with minimal privileges

🔍 How to Verify

Check if Vulnerable:

Check if running Uvdesk version 1.1.3 via admin panel or version file

Check Version:

Check composer.json or version file in Uvdesk installation directory

Verify Fix Applied:

Verify version is 1.1.4 or later and test file upload functionality with malicious files

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to Uvdesk endpoints
  • Files with double extensions (.jpg.php)
  • Webshell access patterns in access logs

Network Indicators:

  • HTTP POST requests to upload endpoints with executable content
  • Outbound connections from Uvdesk server to unknown IPs

SIEM Query:

source="uvdesk_access.log" AND (uri_path="/uploads" OR uri_path="/file/upload") AND status=200 AND size>100000
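The same indicators as a self-contained log scanner, added here as an example and not part of the advisory: it parses combined-format access log lines and flags large POSTs to upload endpoints, double-extension filenames, and server-side script files being served from the upload directory. The endpoint paths come from the query above and the sample log lines are constructed; adjust both to your deployment.

```python
import re

# Combined log format, e.g.
# 203.0.113.5 - - [10/Aug/2023:12:00:01 +0000] "POST /file/upload HTTP/1.1" 200 102400 "-" "curl/8.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Upload endpoints taken from the SIEM query above (assumed; not confirmed Uvdesk routes)
UPLOAD_PATHS = ("/uploads", "/file/upload")
# image.ext.php style names, and any server-side script extension on its own
DOUBLE_EXT_RE = re.compile(r'\.(jpe?g|png|gif)\.(php\d?|phtml|phar)$', re.IGNORECASE)
SCRIPT_EXT_RE = re.compile(r'\.(php\d?|phtml|phar)$', re.IGNORECASE)
# Size threshold from the SIEM query; in the default combined format this column is
# response bytes, so enable request-body logging if you want true upload size.
LARGE_UPLOAD_BYTES = 100_000

def parse(line):
    """Parse one access log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"]) if d["size"].isdigit() else 0
    d["status"] = int(d["status"])
    return d

def classify(entry):
    """Return the indicator names that apply to one parsed entry (empty list if clean)."""
    hits = []
    path = entry["path"].split("?", 1)[0]  # ignore query string when matching
    under_upload = path.startswith(UPLOAD_PATHS)
    if entry["method"] == "POST" and under_upload and entry["status"] == 200 \
            and entry["size"] > LARGE_UPLOAD_BYTES:
        hits.append("large_upload")
    if DOUBLE_EXT_RE.search(path):
        hits.append("double_extension")
    # A script file answered with 200 from the upload directory is the webshell-access pattern
    if entry["method"] == "GET" and under_upload and SCRIPT_EXT_RE.search(path) and entry["status"] == 200:
        hits.append("script_served_from_upload_dir")
    return hits

def scan(lines):
    """Map line index -> indicators for every suspicious line; clean lines are omitted."""
    findings = {}
    for i, line in enumerate(lines):
        e = parse(line)
        if e and (hits := classify(e)):
            findings[i] = hits
    return findings

# Constructed sample: a benign page view, a large upload, and a double-extension file fetched back
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Aug/2023:12:00:00 +0000] "GET /en/customer/ticket/1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Aug/2023:12:00:01 +0000] "POST /file/upload HTTP/1.1" 200 204800 "-" "curl/8.0"',
    '203.0.113.5 - - [10/Aug/2023:12:00:03 +0000] "GET /uploads/avatar.jpg.php HTTP/1.1" 200 812 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits, SAMPLE_LOG[idx])
```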
