CVE-2023-43835

8.8 HIGH

📋 TL;DR

This vulnerability allows authenticated attackers to inject arbitrary PHP code into the config.inc.php file of Super Store Finder, leading to remote code execution. It affects Super Store Finder version 3.7 and below, requiring attacker authentication but enabling full system compromise.

💻 Affected Systems

Products:
  • Super Store Finder
Versions: 3.7 and below
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to vulnerable admin interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system takeover with the attacker gaining root/system-level access, data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case: Web server compromise leading to website defacement, data exfiltration, and use as a foothold for further attacks.

🟢 If Mitigated: Limited impact with proper authentication controls, file integrity monitoring, and restricted file permissions preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access but is straightforward with publicly available proof-of-concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.8 or later

Vendor Advisory: https://packetstormsecurity.com/files/174756/Super-Store-Finder-3.7-Remote-Command-Execution.html

Restart Required: No

Instructions:

1. Download the latest version from the official source.
2. Back up the current installation.
3. Replace all files with the patched version.
4. Verify that config.inc.php permissions are set to read-only.

🔧 Temporary Workarounds

Restrict config file permissions (linux)

Set config.inc.php to read-only for the web server user:

chmod 444 config.inc.php

Disable vulnerable admin interface (all)

Temporarily disable admin access until patching:

mv admin/ admin_disabled/

🧯 If You Can't Patch

  • Implement strict authentication controls and monitor admin access logs
  • Deploy web application firewall with RCE protection rules

🔍 How to Verify

Check if Vulnerable:

Check version number in admin panel or readme.txt file

Check Version:

grep -i version readme.txt || cat admin/version.txt

Verify Fix Applied:

Verify version is 3.8+ and config.inc.php has proper permissions (444)
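The verification step above as a runnable check, added here as an example and not taken from the advisory or the vendor: it confirms that a config.inc.php has mode 444 and scans it for PHP execution primitives, which is the "suspicious PHP code in config files" indicator from the detection section. The list of function names, the file names and the sample config contents are assumptions constructed for this example.

```python
import os
import re
import stat
import tempfile

# Added example, not from the advisory: verify that a config.inc.php is
# read-only (mode 444) and contains none of the PHP execution primitives
# that injected code typically relies on. The function list below is an
# assumption for this example, not a list the advisory provides.
DANGEROUS_CALLS = re.compile(
    r"(?<![A-Za-z0-9_$])"
    r"(eval|system|exec|shell_exec|passthru|popen|proc_open|assert|base64_decode)"
    r"\s*\("
)

EXPECTED_MODE = 0o444


def perms_ok(st_mode):
    """True when the permission bits are exactly 444 (read-only for everyone)."""
    return stat.S_IMODE(st_mode) == EXPECTED_MODE


def scan_config_text(text):
    """Return (line_number, function_name) for each dangerous call found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in DANGEROUS_CALLS.finditer(line):
            hits.append((lineno, match.group(1)))
    return hits


def check_config(path):
    """Check one config file; returns a dict the caller can alert on."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    return {
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "perms_ok": perms_ok(st.st_mode),
        "hits": scan_config_text(text),
    }


# Constructed sample contents (not real Super Store Finder configuration).
CLEAN_CONFIG = '<?php\n$db_host = "localhost";\n$db_user = "ssf";\n'
TAMPERED_CONFIG = CLEAN_CONFIG + 'system($_REQUEST["c"]);\n'


def demo():
    """Write the two constructed samples to a temp dir and check both."""
    results = {}
    with tempfile.TemporaryDirectory() as tmpdir:
        for name, text, mode in (
            ("clean", CLEAN_CONFIG, 0o444),
            ("tampered", TAMPERED_CONFIG, 0o644),
        ):
            path = os.path.join(tmpdir, name + ".inc.php")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = check_config(path)
            os.chmod(path, 0o644)  # make the temp file deletable again
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        status = "OK" if result["perms_ok"] and not result["hits"] else "ALERT"
        print(f"{name}: {status} mode={result['mode']} hits={result['hits']}")
```

Run it against the real file with `check_config("/path/to/config.inc.php")` from a cron job or a file-integrity job. Mode 444 only stops writes by processes that are not the file's owner: a PHP process running as the file's owner can chmod it back, so the check is most meaningful when the file is owned by a different account than the web server user.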

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to admin settings pages
  • File modification timestamps on config.inc.php
  • Suspicious PHP code in config files

Network Indicators:

  • HTTP requests with PHP code in parameters
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" AND (uri_path="/admin/*" AND method="POST" AND (param="*php*" OR param="*system*" OR param="*exec*"))
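The SIEM query above expressed as a log filter, added here as an example that is not part of the advisory: it flags POST requests under /admin/ whose parameters contain "php", "system" or "exec". The access log lines, the POST bodies and the log format (Apache combined) are constructed assumptions for this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Added example, not from the advisory: the SIEM query expressed as a log
# filter. It flags POST requests under /admin/ whose parameters contain
# "php", "system" or "exec". The log lines and POST bodies are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
SUSPECT_TERMS = ("php", "system", "exec")


def parse_line(line):
    """Parse one combined-format access log line; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = urlsplit(entry["target"])
    entry["path"] = parts.path
    entry["params"] = dict(parse_qsl(parts.query, keep_blank_values=True))
    return entry


def is_suspicious(entry, body_params=None):
    """Mirror the SIEM query: POST to /admin/* with a suspect term in any parameter.

    Access logs carry only the query string; body_params lets a caller pass
    POST fields obtained from a WAF or request capture.
    """
    if entry["method"] != "POST" or not entry["path"].startswith("/admin/"):
        return False
    params = dict(entry["params"])
    if body_params:
        params.update(body_params)
    for name, value in params.items():
        haystack = (name + "=" + value).lower()
        if any(term in haystack for term in SUSPECT_TERMS):
            return True
    return False


def scan(lines, bodies=None):
    """Return (ip, target) for each flagged line; bodies maps line index -> POST fields."""
    flagged = []
    for index, line in enumerate(lines):
        entry = parse_line(line)
        if entry is None:
            continue  # unparsable line; skip rather than abort the scan
        body = bodies.get(index) if bodies else None
        if is_suspicious(entry, body):
            flagged.append((entry["ip"], entry["target"]))
    return flagged


# Constructed sample log lines and POST bodies (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Oct/2023:10:01:02 +0000] "GET /index.php?store=1 HTTP/1.1" 200 512',
    '10.0.0.7 - admin [12/Oct/2023:10:02:10 +0000] "POST /admin/settings.php?section=general HTTP/1.1" 302 0',
    '203.0.113.9 - admin [12/Oct/2023:10:03:44 +0000] "POST /admin/settings.php?debug=%3C%3Fphp%20system HTTP/1.1" 200 88',
    '203.0.113.9 - admin [12/Oct/2023:10:04:01 +0000] "POST /admin/settings.php HTTP/1.1" 200 88',
    "not a log line",
]
SAMPLE_BODIES = {3: {"site_name": "Store <?php exec"}}


if __name__ == "__main__":
    print("query string only:", scan(SAMPLE_LOG))
    print("with POST bodies: ", scan(SAMPLE_LOG, SAMPLE_BODIES))
```

Two practical points follow from the sample: the fourth line is only caught when the POST body is available, because a standard access log records the query string and not the form fields, so the query needs WAF or request-capture data to see the settings page traffic it is aimed at; and the substring "php" is noisy wherever parameters carry file names, so baseline normal admin traffic before alerting on it.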
