CVE-2023-39448

8.8 HIGH

📋 TL;DR

This path traversal vulnerability in SHIRASAGI CMS allows authenticated attackers to manipulate server files by exploiting improper path validation. Attackers can create or modify arbitrary files, potentially leading to remote code execution. Organizations running SHIRASAGI versions before 1.18.0 are affected.

💻 Affected Systems

Products:
  • SHIRASAGI
Versions: All versions prior to v1.18.0
Operating Systems: Any OS running SHIRASAGI
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to exploit the vulnerability.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise through arbitrary code execution, data theft, and persistent backdoor installation.

🟠

Likely Case

Website defacement, data manipulation, and limited code execution within the application context.

🟢

If Mitigated

Attackers can only access files within the intended directory structure if proper input validation is implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access, but path traversal vulnerabilities are typically straightforward to exploit once identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.18.0 and later

Vendor Advisory: https://www.ss-proj.org/support/954.html

Restart Required: Yes

Instructions:

1. Backup your SHIRASAGI installation and database.
2. Download SHIRASAGI v1.18.0 or later from the official repository.
3. Replace the existing installation with the updated version.
4. Restart the web server and application services.

🔧 Temporary Workarounds

Input Validation Enhancement (all platforms)

Implement strict input validation for file path parameters to prevent directory traversal sequences.

# Requires code modification to validate and sanitize file path inputs
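The workaround above is a code-level change, so here is an added illustration of what "strict input validation for file path parameters" means in practice. This is example code written for this page, not SHIRASAGI's own code; the method name `safe_join`, the base directory and the sample inputs are assumptions. It canonicalises the user-supplied path against a fixed base directory and rejects anything that resolves outside it, including percent-encoded `..` sequences, absolute paths and null bytes.

```ruby
# Added example (not SHIRASAGI code): resolve a user-supplied relative path
# against an allowed base directory and refuse anything that escapes it.
require "pathname"
require "uri"

class UnsafePathError < StandardError; end

# Returns the absolute, normalised path when +user_path+ stays inside
# +base_dir+; raises UnsafePathError otherwise. Names are assumptions.
def safe_join(base_dir, user_path)
  raise UnsafePathError, "empty path" if user_path.nil? || user_path.to_s.empty?

  # Validate the same decoded form the application would hand to File APIs,
  # so %2e%2e%2f is judged as "../" rather than as harmless literal text.
  decoded = URI.decode_www_form_component(user_path.to_s)
  raise UnsafePathError, "null byte in path" if decoded.include?("\0")
  raise UnsafePathError, "absolute path not allowed" if Pathname.new(decoded).absolute?

  # File.absolute_path collapses "." and ".." lexically and, unlike
  # File.expand_path, does not expand "~" into a home directory.
  base = File.absolute_path(base_dir)
  candidate = File.absolute_path(decoded, base)

  # Containment check: the candidate must be the base itself or live under
  # "#{base}/" (the separator guards against a sibling such as "uploads2").
  unless candidate == base || candidate.start_with?(base + File::SEPARATOR)
    raise UnsafePathError, "path escapes base directory: #{user_path.inspect}"
  end
  candidate
end

# Constructed usage: the first call is accepted, the rest are rejected.
if __FILE__ == $PROGRAM_NAME
  base = "/srv/app/uploads"
  puts safe_join(base, "images/logo.png")
  ["../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"].each do |bad|
    begin
      safe_join(base, bad)
    rescue UnsafePathError => e
      puts "rejected: #{e.message}"
    end
  end
end
```

The check is lexical: if the base directory itself contains symlinks that point outside it, resolve the final path with `File.realpath` (which requires the file to exist) before the containment comparison. Decode exactly once at the same layer the application decodes, otherwise a double-encoded `%252e` can slip past a check that runs on a different representation than the one used for the file operation.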

Access Restriction (all platforms)

Restrict authenticated user permissions to minimize file system access.

# Configure application permissions to limit file write operations

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block path traversal patterns
  • Restrict network access to SHIRASAGI instances and implement strict authentication controls

🔍 How to Verify

Check if Vulnerable:

Check the SHIRASAGI version by examining the application's version file or admin interface.

Check Version:

Check the version.txt file in the SHIRASAGI installation directory or use the admin dashboard.

Verify Fix Applied:

Confirm installation of v1.18.0 or later and test file upload functionality with traversal attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation/modification patterns
  • Multiple failed path traversal attempts in access logs
  • Suspicious file paths containing '../' sequences

Network Indicators:

  • HTTP requests with path traversal sequences in parameters
  • Unexpected file uploads to unusual locations

SIEM Query:

source="web_logs" AND (uri="*../*" OR params="*../*") AND status=200
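To make the log indicators above concrete, here is an added example that scans access-log lines for traversal sequences, including percent-encoded and double-encoded forms that a plain `*../*` match would miss. It is written for this page and is not SHIRASAGI code or a SHIRASAGI log format; the combined-format layout, the request paths and the five sample lines are constructed for illustration.

```ruby
# Added example (not SHIRASAGI code): flag access-log lines whose request
# target contains a path traversal sequence, after percent-decoding.

# Apache/nginx combined-format line; only ip, target and status are used.
LOG_LINE = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>\S+) (?<target>\S+) \S+" (?<status>\d{3}) /

# A ".." segment bounded by a path separator or a query delimiter; "readme..txt"
# does not match because the dots are embedded in a name.
TRAVERSAL = /(?:^|[\/\\=?&;])\.\.(?:[\/\\]|$)/

# Minimal percent-decoder that never raises on malformed input.
def percent_decode(s)
  s.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Decode up to three rounds so double-encoded %252e%252e collapses to "..".
def normalise_target(target)
  cur = target
  3.times do
    nxt = percent_decode(cur)
    break if nxt == cur
    cur = nxt
  end
  cur
end

# Returns one hash per matching line: source ip, raw target and HTTP status.
def traversal_hits(lines)
  lines.filter_map do |line|
    m = LOG_LINE.match(line) or next
    next unless normalise_target(m[:target]).match?(TRAVERSAL)
    { ip: m[:ip], target: m[:target], status: m[:status].to_i }
  end
end

# The page's SIEM query keeps only status=200; this mirrors that filter so the
# two views can be compared.
def successful_hits(hits)
  hits.select { |h| h[:status] == 200 }
end

# Constructed sample log (paths and addresses are illustrative, not real).
SAMPLE_LOG = <<~LOG
  203.0.113.10 - - [10/Aug/2023:12:00:01 +0900] "GET /app/files/logo.png HTTP/1.1" 200 512 "-" "Mozilla/5.0"
  203.0.113.10 - - [10/Aug/2023:12:00:02 +0900] "POST /app/files?path=../../etc/passwd HTTP/1.1" 403 0 "-" "curl/8.0"
  203.0.113.10 - - [10/Aug/2023:12:00:03 +0900] "POST /app/files?path=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 41 "-" "curl/8.0"
  203.0.113.10 - - [10/Aug/2023:12:00:04 +0900] "GET /app/files/%252e%252e/etc/passwd HTTP/1.1" 404 0 "-" "curl/8.0"
  198.51.100.7 - - [10/Aug/2023:12:00:05 +0900] "GET /docs/readme..txt HTTP/1.1" 200 100 "-" "Mozilla/5.0"
LOG

if __FILE__ == $PROGRAM_NAME
  hits = traversal_hits(SAMPLE_LOG.lines)
  hits.each { |h| puts "#{h[:ip]} #{h[:status]} #{h[:target]}" }
  puts "successful only: #{successful_hits(hits).size} of #{hits.size}"
end
```

Run against the sample, the scanner flags three lines (statuses 403, 200 and 404), while the status=200 filter from the SIEM query keeps only one. The two non-200 lines are exactly the "multiple failed path traversal attempts" the log indicators list calls out, so a triage view that drops them loses the earliest sign of probing; keeping all statuses and counting per source address surfaces that pattern.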
