CVE-2023-50073

9.8 CRITICAL

📋 TL;DR

EmpireCMS v7.5 contains a SQL injection vulnerability in the ftppassword parameter at SetEnews.php. This allows attackers to execute arbitrary SQL commands on the database. All EmpireCMS v7.5 installations using default configurations are affected.

💻 Affected Systems

Products:
  • EmpireCMS
Versions: v7.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all EmpireCMS v7.5 installations. The vulnerability is in the core CMS code and doesn't depend on specific configurations.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete database compromise leading to data theft, data manipulation, authentication bypass, and potential remote code execution via database functions.

🟠 Likely Case: Database information disclosure, data manipulation, and potential privilege escalation within the CMS.

🟢 If Mitigated: Limited impact with proper input validation and database permissions restricting query execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication to access SetEnews.php. The SQL injection is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v7.5 with security patch applied

Vendor Advisory: https://github.com/leadscloud/EmpireCMS/issues/7

Restart Required: No

Instructions:

1. Download the latest EmpireCMS version or security patch.
2. Replace the vulnerable SetEnews.php file.
3. Verify the fix by testing the ftppassword parameter.

🔧 Temporary Workarounds

Input Validation Filter (all)

  • Add input validation to filter SQL special characters from the ftppassword parameter
  • Modify SetEnews.php so the ftppassword value reaches the database only through prepared statements or parameterized queries, never by string concatenation

Access Restriction (all)

  • Restrict access to SetEnews.php to trusted IP addresses only
  • Add .htaccess rules or web server configuration to limit access to SetEnews.php

🧯 If You Can't Patch

  • Implement WAF rules to block SQL injection patterns targeting the ftppassword parameter
  • Restrict database user permissions to minimum required operations

🔍 How to Verify

Check if Vulnerable:

Test the ftppassword parameter in SetEnews.php with SQL injection payloads like ' OR '1'='1

Check Version:

Check EmpireCMS version in admin panel or readme files

Verify Fix Applied:

Test the same SQL injection payloads after patching to confirm they no longer work

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by SetEnews.php access
  • SQL error messages in web server logs

Network Indicators:

  • POST requests to SetEnews.php with SQL injection patterns in parameters

SIEM Query:

source="web_server" AND uri="/SetEnews.php" AND (param="ftppassword" AND value MATCHES "[';]|OR|UNION|SELECT")
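To turn the SIEM query above into something that can be run against raw access logs, here is an added example (not from this page or the EmpireCMS project) that applies the same pattern to URL-decoded ftppassword values. The log format, the `/SetEnews.php` path and the sample lines are constructed assumptions; the real admin path and your server's log format will differ.

```python
import re
from urllib.parse import parse_qs

# Same pattern as the SIEM query, with word boundaries added so ordinary
# passwords that merely contain "or" (e.g. "password") are not flagged.
SQLI_PATTERN = re.compile(r"[';]|\bOR\b|\bUNION\b|\bSELECT\b", re.IGNORECASE)

# Assumed (hypothetical) log format: combined-style access log with the
# POST body appended as the final field. Adjust LOG_RE to your own format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<body>\S*)$'
)

# Constructed sample lines, not real traffic. The second line carries the
# page's example payload ' OR '1'='1, URL-encoded, in ftppassword.
SAMPLE_LOG = """\
203.0.113.5 - admin [12/Jan/2024:10:01:02 +0000] "POST /SetEnews.php HTTP/1.1" 200 ftppassword=S3cure%21pass&ftpport=21
203.0.113.5 - admin [12/Jan/2024:10:01:45 +0000] "POST /SetEnews.php HTTP/1.1" 200 ftppassword=%27+OR+%271%27%3D%271&ftpport=21
198.51.100.9 - - [12/Jan/2024:10:02:10 +0000] "GET /index.php HTTP/1.1" 200 -
"""


def find_ftppassword_injection(log_text: str) -> list[dict]:
    """Return one alert per request to SetEnews.php whose ftppassword value
    matches the injection pattern. Values are URL-decoded first, because the
    raw body hides the quote characters behind %27."""
    alerts = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["uri"].endswith("/SetEnews.php"):
            continue
        params = parse_qs(m["body"])
        for value in params.get("ftppassword", []):
            if SQLI_PATTERN.search(value):
                alerts.append({"ip": m["ip"], "user": m["user"],
                               "ts": m["ts"], "value": value})
    return alerts


if __name__ == "__main__":
    for a in find_ftppassword_injection(SAMPLE_LOG):
        print(f"{a['ts']} {a['ip']} ({a['user']}): ftppassword={a['value']!r}")
```

A legitimate FTP password containing a quote will also trigger this rule, so treat a hit as a lead to review alongside the login history for that account rather than as proof of exploitation.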
