CVE-2023-50760 – Online Notice Board System v1.0 has an insecure... (How to Fix)

Q: What is the severity of CVE-2023-50760?

CVE-2023-50760 has a CVSS score of 8.8 (HIGH). Online Notice Board System v1.0 has an insecure file upload vulnerability that allows authenticated attackers to upload malicious files. This can lead to remote code execution on the server hosting the application. Organizations using this specific software version are affected.

📋 TL;DR

Online Notice Board System v1.0 has an insecure file upload vulnerability that allows authenticated attackers to upload malicious files. This can lead to remote code execution on the server hosting the application. Organizations using this specific software version are affected.

💻 Affected Systems

Products:

Online Notice Board System

Versions: v1.0

Operating Systems: Any OS running PHP web server

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated user access to the update_profile_pic.php page

📦 What is this software?

Online Notice Board System by Kashipara

View all CVEs affecting Online Notice Board System →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise allowing attacker to execute arbitrary commands, steal data, install malware, or pivot to other systems.

🟠

Likely Case

Attacker gains shell access to the web server, potentially accessing sensitive data and modifying website content.

🟢

If Mitigated

File uploads are blocked or properly validated, preventing malicious file execution while maintaining legitimate functionality.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.kashipara.com/

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing workarounds.

🔧 Temporary Workarounds

Implement File Upload Validation

all

Add server-side validation to restrict uploaded files to specific extensions and verify file content

Modify user/update_profile_pic.php to validate file extensions and MIME types

Disable File Upload Feature

all

Temporarily disable the profile picture upload functionality

Comment out or remove file upload code in update_profile_pic.php

🧯 If You Can't Patch

Implement web application firewall rules to block malicious file uploads
Restrict access to the update_profile_pic.php page to trusted users only

🔍 How to Verify

Check if Vulnerable:

Attempt to upload a PHP file via the profile picture upload feature and check if it executes

Check Version:

Check software version in admin panel or readme files

Verify Fix Applied:

Test that only allowed file types can be uploaded and uploaded files cannot be executed as code

📡 Detection & Monitoring

Log Indicators:

Unusual file uploads to update_profile_pic.php
Uploads of non-image file types
Multiple failed upload attempts

Network Indicators:

POST requests to update_profile_pic.php with unusual file extensions
Large file uploads to the profile update endpoint

SIEM Query:

source="web_server" AND uri="*/update_profile_pic.php" AND (file_extension="php" OR file_extension="exe" OR file_extension="sh")

📊 Metadata

CVE ID: CVE-2023-50760

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-434

Published: January 4, 2024

Last Updated: November 21, 2024

🔗 References

https://fluidattacks.com/advisories/arrau/ Exploit,Third Party Advisory
https://www.kashipara.com/ Product
https://fluidattacks.com/advisories/arrau/ Exploit,Third Party Advisory
https://www.kashipara.com/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-50760, you might also want to check these: