CVE-2023-42387

7.5 HIGH

📋 TL;DR

This vulnerability in TDSQL Chitu management platform allows remote attackers to access sensitive database information through an unsecured function in install.php. It affects organizations using TDSQL Chitu management platform version 10.3.19.5.0. The exposure occurs via the get_db_info function which improperly discloses database configuration details.

💻 Affected Systems

Products:
  • TDSQL Chitu Management Platform
Versions: v10.3.19.5.0
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: The install.php file with vulnerable get_db_info function is typically accessible during and after installation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain database credentials and configuration, leading to full database compromise, data exfiltration, and potential lateral movement to other systems.

🟠 Likely Case

Attackers access database connection strings, credentials, and configuration details, enabling unauthorized database access and potential data theft.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to information disclosure without direct database access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires simple HTTP requests to the vulnerable endpoint without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Remove or restrict access to install.php file after installation completes.

🔧 Temporary Workarounds

Remove install.php file

Platform: linux

Rename or delete the vulnerable install.php file after installation. Use one or the other: once the file has been renamed, the rm command has nothing left to delete.

mv /path/to/install.php /path/to/install.php.bak
rm /path/to/install.php

A renamed .bak copy is still served as a static file by most web servers (exposing the PHP source), so move it outside the document root or delete it.

Restrict access via web server

Platform: all

Configure the web server to block access to install.php:

# Apache 2.2 (or 2.4 with mod_access_compat loaded): add to .htaccess or the vhost
<Files "install.php">
    Order allow,deny
    Deny from all
</Files>
# Apache 2.4 native syntax (the Order/Deny directives are rejected without mod_access_compat)
<Files "install.php">
    Require all denied
</Files>
# Nginx: add to the server block (deny all already answers 403; return 403 makes it explicit)
location ~ /install\.php$ {
    deny all;
    return 403;
}

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to management interface
  • Monitor and alert on access attempts to install.php endpoint

🔍 How to Verify

Check if Vulnerable:

Attempt to access http://[target]/install.php?action=get_db_info and check for database information disclosure

Check Version:

Check platform version in web interface or configuration files

Verify Fix Applied:

Verify install.php file is removed or returns 403/404 when accessed

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to install.php with get_db_info parameter
  • Unusual database connection attempts from web server

Network Indicators:

  • HTTP GET requests to /install.php?action=get_db_info
  • Outbound database connections from web server to unexpected targets

SIEM Query:

source="web_access.log" AND uri="/install.php" AND query="*get_db_info*"
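The log indicators above, as an added example that is not part of this advisory: a small Python detector that parses constructed combined-format access log lines (sample values only), flags requests to any install.php path whose action parameter is get_db_info, and uses the status code to separate answered requests (likely disclosure) from ones the workaround blocked. The log format and IPs are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log lines in combined log format (not from any real system).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:12:00:01 +0000] "GET /install.php?action=get_db_info HTTP/1.1" 200 512 "-" "curl/8.1"
198.51.100.7 - - [10/Oct/2023:12:00:05 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Oct/2023:12:00:09 +0000] "GET /admin/install.php?x=1&action=GET_DB_INFO HTTP/1.1" 200 512 "-" "curl/8.1"
198.51.100.7 - - [10/Oct/2023:12:00:12 +0000] "GET /install.php?action=get_db_info HTTP/1.1" 403 0 "-" "python-requests/2.31"
"""

# Assumed combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict with ip, ts, method, target, status or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_get_db_info_probe(rec):
    """True when the path ends in install.php (any directory) and action=get_db_info (case-insensitive)."""
    parts = urlsplit(rec["target"])
    if not parts.path.lower().endswith("/install.php"):
        return False
    actions = parse_qs(parts.query).get("action", [])
    return any(a.lower() == "get_db_info" for a in actions)


def classify(rec):
    """2xx means the endpoint answered (data likely disclosed); anything else means it was blocked."""
    return "disclosed" if 200 <= rec["status"] < 300 else "blocked"


def find_probes(log_text):
    """All parsed records that match the get_db_info indicator, in log order."""
    return [r for r in map(parse_line, log_text.splitlines()) if r and is_get_db_info_probe(r)]


def summarize(log_text):
    """Count matching requests by outcome, e.g. {'disclosed': 2, 'blocked': 1}."""
    counts = {"disclosed": 0, "blocked": 0}
    for rec in find_probes(log_text):
        counts[classify(rec)] += 1
    return counts
```

A "disclosed" hit against a host that still has install.php means the database credentials should be treated as compromised and rotated, not just the endpoint blocked.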
