CVE-2023-29887
published 2023-04-18

CVE-2023-29887: A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.

Priority: P3 56 · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: public exploit available
EPSS: 4.74% (90.7th percentile)

Affected (1 range)

Vendor: nuovo · Product: spreadsheet-reader · Version range: not listed · Fixed in: not listed

Detection & IOCs (extracted from sources)

Path: /spreadsheet-reader/test.php
Request: GET /spreadsheet-reader/test.php?File=../../../../../../../../../../../etc/passwd
  • Detect LFI exploitation attempts targeting the 'File' parameter in test.php: match HTTP GET requests to test.php whose File parameter contains path traversal sequences.
  • Use the regex 'root:[x*]:0:0' on the HTTP response body to confirm a successful /etc/passwd inclusion, i.e. active exploitation rather than a mere attempt.
  • Monitor for HTTP 200 responses to requests containing path traversal strings (e.g., '../../../') targeting test.php on spreadsheet-reader installations.
  • The vulnerability is only present in spreadsheet-reader version 0.5.11; installations under both the '/spreadsheet-reader/' and the '/nuovo/spreadsheet-reader/' path prefixes should be checked.
  • The Nuclei template uses stop-at-first-match across two candidate base paths, so only one path may be probed per scan run; make sure detection logic covers both paths.
  • The high EPSS score (0.88637, 99.5th percentile) indicates this vulnerability is actively being exploited in the wild; prioritize detection and patching accordingly.
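The detection bullets above can be turned into a small log check. The following is an added example written for this page, not code from the CVE record, the Nuclei template or the spreadsheet-reader project. It scans constructed combined-format access log lines for GET requests to test.php under either base path named above whose File parameter, after percent-decoding (twice, to handle double encoding), contains a traversal sequence, marks hits that received HTTP 200, and applies the page's response-body regex to confirm disclosure. The function names and the sample log lines are assumptions made for the example.

```python
"""Detect CVE-2023-29887 exploitation attempts in web server access logs.

Added example (not part of the original record). Log lines and helper
names are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Both base paths named in the detection notes.
TARGET_PATHS = (
    "/spreadsheet-reader/test.php",
    "/nuovo/spreadsheet-reader/test.php",
)
# Traversal sequences in the decoded File parameter ("../" or "..\").
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
# Response-body confirmation regex quoted in the detection notes.
PASSWD_RE = re.compile(r"root:[x*]:0:0")
# Apache/nginx combined log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: a benign request, a hit with HTTP 200, a double-encoded
# hit on the second base path that failed, and an unrelated script.
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Apr/2023:09:58:12 +0000] "GET /spreadsheet-reader/test.php?File=sample.xlsx HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Apr/2023:10:00:00 +0000] "GET /spreadsheet-reader/test.php?File=../../../../../../../../../../../etc/passwd HTTP/1.1" 200 1432',
    '198.51.100.7 - - [18/Apr/2023:10:00:03 +0000] "GET /nuovo/spreadsheet-reader/test.php?File=..%252f..%252fetc%252fpasswd HTTP/1.1" 404 196',
    '192.0.2.9 - - [18/Apr/2023:10:01:40 +0000] "GET /index.php?File=../x HTTP/1.1" 200 10',
]


def fully_decode(value, rounds=2):
    """Percent-decode up to `rounds` times so double-encoded traversal is caught."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if the (decoded) File value carries a directory traversal sequence."""
    return TRAVERSAL_RE.search(fully_decode(value)) is not None


def analyze_log(lines):
    """Return one hit dict per traversal attempt against test.php.

    `confirmed` is True when the server answered 200, which the notes above
    treat as the signal worth escalating; the body check below confirms it.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        parts = urlsplit(m["target"])
        if parts.path not in TARGET_PATHS:
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("File", []):
            if is_traversal(value):
                hits.append({
                    "ip": m["ip"],
                    "path": parts.path,
                    "status": int(m["status"]),
                    "file": fully_decode(value),
                    "confirmed": m["status"] == "200",
                })
    return hits


def confirms_disclosure(body):
    """Apply the response-body regex from the detection notes."""
    return PASSWD_RE.search(body) is not None


if __name__ == "__main__":
    for hit in analyze_log(SAMPLE_LOG):
        print(hit)
```

Because parse_qs already performs one round of decoding, the second round in fully_decode is what catches the %252f form; the path comparison is exact, so add any further install prefixes your environment uses to TARGET_PATHS.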