CVE-2023-33440
Published: 2023-05-26
CVE-2023-33440: Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
Priority: P3 57 · Severity: high · CVSS 3.1 base score: 7.2
CVSS vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploit available
EPSS: 14.51% (96.2nd percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| faculty_evaluation_system_project | faculty_evaluation_system | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated POST requests to /ajax.php?action=save_user or /eval/ajax.php?action=save_user containing multipart/form-data with a file upload field named 'img' and a .php filename — this is the exploit delivery mechanism for CVE-2023-33440.
- Alert on PHP files appearing under /assets/uploads/ on Faculty Evaluation System instances — this is where uploaded webshells are stored post-exploitation.
- The exploit is unauthenticated (no session/auth token required); detect multipart file uploads with Content-Type: application/octet-stream and a .php extension in the 'img' form field without a preceding authentication request.
- The exploit checks for a response body of exactly '1' (length 1) from the save_user endpoint to confirm a successful upload — a WAF or IDS rule can match this response pattern alongside the upload request.
- The multipart boundary '---------------------------1037163726497' is hardcoded in the Nuclei PoC template and can serve as a static signature for this specific exploit tool.
- The vulnerability is unauthenticated (CWE-434 unrestricted file upload) — no prior login or privilege is required to exploit it, meaning perimeter authentication controls alone are insufficient.
- The Nuclei template targets /ajax.php?action=save_user (without the /eval/ prefix), while the NVD description uses /eval/ajax.php?action=save_user — detection rules should cover both path variants.
- EPSS score is 0.90444 (99.6th percentile), indicating a very high likelihood of active exploitation in the wild — prioritize detection and patching accordingly.
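The indicator list above can be turned directly into detection logic. The following is an added example, not code from this page, the vendor, or the PoC authors: it assumes that requests have already been reconstructed from a reverse proxy or WAF log into dicts with the keys method, path, headers, body and response_body, and it checks every indicator the list names (both path variants, the 'img' field with a PHP filename, the application/octet-stream part type, the absence of a session cookie as a stand-in for "no preceding authentication", the '1' response body, the static PoC boundary, and PHP files under /assets/uploads/). The request records and file paths are constructed for illustration, and the extension pattern is deliberately broader than the page's ".php".

```python
"""Detection helpers for the CVE-2023-33440 indicators listed above (added example)."""
import re
from email.parser import BytesParser
from email.policy import default

# Both path variants named in the IOC list: with and without the /eval/ prefix.
SAVE_USER_PATHS = ("/eval/ajax.php", "/ajax.php")
UPLOAD_DIR = "/assets/uploads/"
# Static boundary the IOC list attributes to the public Nuclei PoC template.
KNOWN_POC_BOUNDARY = "---------------------------1037163726497"
# Assumption: match common PHP-executable extensions, not only ".php".
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)


def multipart_file_parts(content_type, body):
    """Return (field_name, filename, part_content_type) for every file part.

    The stdlib email parser handles a multipart/form-data body once the
    request's Content-Type header (which carries the boundary) is prepended.
    """
    if not content_type.lower().startswith("multipart/form-data"):
        return []
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = BytesParser(policy=default).parsebytes(raw)
    parts = []
    for part in msg.iter_parts():
        filename = part.get_filename()
        if filename is None:          # plain form field, not a file upload
            continue
        field = part.get_param("name", header="content-disposition")
        parts.append((field, filename, part.get_content_type()))
    return parts


def detect_save_user_upload(req):
    """Return the indicator names triggered by one request/response record."""
    findings = []
    path, _, query = req["path"].partition("?")
    if req["method"].upper() != "POST" or path not in SAVE_USER_PATHS:
        return findings
    if "action=save_user" not in query:
        return findings
    headers = {k.lower(): v for k, v in req["headers"].items()}
    ctype = headers.get("content-type", "")
    if KNOWN_POC_BOUNDARY in ctype:
        findings.append("known_poc_boundary")
    php_upload = False
    for field, filename, part_type in multipart_file_parts(ctype, req["body"]):
        if field == "img" and PHP_EXT.search(filename):
            php_upload = True
            findings.append("php_file_in_img_field")
            if part_type == "application/octet-stream":
                findings.append("octet_stream_php_part")
    if php_upload and "cookie" not in headers:
        # Assumption: a missing session cookie approximates "no prior login".
        findings.append("no_session_cookie")
    if php_upload and req.get("response_body", b"").strip() == b"1":
        findings.append("upload_acknowledged")
    return findings


def php_files_under_uploads(paths):
    """Flag PHP files inside the upload directory named in the IOC list."""
    return sorted(p for p in paths if p.startswith(UPLOAD_DIR) and PHP_EXT.search(p))


def constructed_poc_like_request():
    """Constructed record shaped like the upload the IOC list describes."""
    b = KNOWN_POC_BOUNDARY
    body = (
        f"--{b}\r\n"
        'Content-Disposition: form-data; name="img"; filename="x.php"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
        "CONSTRUCTED PLACEHOLDER, NOT A PAYLOAD\r\n"
        f"--{b}\r\n"
        'Content-Disposition: form-data; name="username"\r\n\r\n'
        "alice\r\n"
        f"--{b}--\r\n"
    ).encode()
    return {"method": "POST", "path": "/ajax.php?action=save_user",
            "headers": {"Content-Type": f"multipart/form-data; boundary={b}"},
            "body": body, "response_body": b"1"}


def constructed_benign_request():
    """Constructed ordinary image upload by a logged-in user, for contrast."""
    b = "WebKitFormBoundaryConstructed"
    body = (
        f"--{b}\r\n"
        'Content-Disposition: form-data; name="img"; filename="photo.png"\r\n'
        "Content-Type: image/png\r\n\r\n"
        "PLACEHOLDER IMAGE BYTES\r\n"
        f"--{b}--\r\n"
    ).encode()
    return {"method": "POST", "path": "/eval/ajax.php?action=save_user",
            "headers": {"Content-Type": f"multipart/form-data; boundary={b}",
                        "Cookie": "PHPSESSID=constructed"},
            "body": body, "response_body": b"1"}


if __name__ == "__main__":
    print(detect_save_user_upload(constructed_poc_like_request()))
    print(detect_save_user_upload(constructed_benign_request()))
```

The PoC-shaped record trips all five request-side indicators, while the benign image upload on the other path variant trips none, which is the separation a rule built from this list should achieve; in production the response-body check needs a proxy or WAF that logs response bodies, and the boundary match should be treated as a tool signature only, since any other client will use a different boundary.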
No detection rules found.
Exploit-DB
CVE-2023-33440 [HIGH] Faculty Evaluation System 1.0 - Unauthenticated File Upload
exploitdb · 2023-05-31 · CVSS 7.2
---
# Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload
# Date: 5/29/2023
# Author: Alex Gan
# Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/eval_2.zip
# Version: 1.0
# Tested on: LAMP Fedora server 38 (Thirty Eight) Apache/2.4.57 10.5.19-MariaDB PHP 8.2.6
# CVE: CVE-2023-33440
# References: https://nvd.nist.gov/vuln/detail/CVE-2023-33440
# https://www.exploit-db.com/exploits/49320
# https://github.com/F14me7wq/bug_report/tree/main/vendors/oretnom23/faculty-evaluation-system
#
#!/usr/bin/env python3
import os
import sys
import requests
import argpar
Nuclei
CVE-2023-33440 [HIGH] Faculty Evaluation System v1.0 - Remote Code Execution
nuclei · CVSS 7.2
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
Template:
id: CVE-2023-33440
info:
  name: Faculty Evaluation System v1.0 - Remote Code Execution
  author: Harsh
  severity: high
  description: |
    Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
  remediation: |
    Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability.
  reference:
    - http://packetstormsecurity.com/files/172672/Faculty-Evaluation-System-1.0-Shell-Upload.html
References:
- http://packetstormsecurity.com/files/172672/Faculty-Evaluation-System-1.0-Shell-Upload.html
- https://github.com/F14me7wq/bug_report/blob/main/vendors/oretnom23/faculty-evaluation-system/RCE-1.md
Published: 2023-05-26