CVE-2023-36347
published 2023-06-30

CVE-2023-36347: A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.

Priority: P2 (71) · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploit: available
EPSS: 32.35% (98.1th percentile)

Affected (1 range)

Vendor: codekop
Product: codekop
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

Path: /excel.php
Path: /pos-kasir-php/excel.php
  • Unauthenticated HTTP GET request to /excel.php or /pos-kasir-php/excel.php returning Content-Type: application/vnd.ms-excel indicates successful exploitation of the broken authentication vulnerability.
  • Response body containing the string 'Document' alongside the application/vnd.ms-excel Content-Type header confirms unauthenticated access to selling data via the vulnerable endpoint.
  • The Nuclei template uses stop-at-first-match, meaning only the first matching path (/excel.php or /pos-kasir-php/excel.php) will be tested per target. Ensure both paths are checked independently if performing manual detection.
  • Detection requires both conditions to match simultaneously (matchers-condition: and): the response body must contain 'Document' AND the Content-Type header must be 'application/vnd.ms-excel'. A single condition alone is insufficient for a confirmed finding.
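The two detection caveats above, AND-combined matchers and independent evaluation of both paths, as an added defender-side check written for this page (not the Nuclei template or vendor code); the HttpResponse records it evaluates are constructed sample data, not captured traffic.

```python
from dataclasses import dataclass, field

# Both paths named in the advisory are evaluated independently, not stop-at-first-match.
VULNERABLE_PATHS = ("/excel.php", "/pos-kasir-php/excel.php")
EXPECTED_CONTENT_TYPE = "application/vnd.ms-excel"
BODY_MARKER = "Document"


@dataclass
class HttpResponse:
    """Minimal record of a response to an unauthenticated GET (constructed data)."""
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""

    def content_type(self) -> str:
        # Header names are case-insensitive; drop parameters such as charset.
        for name, value in self.headers.items():
            if name.lower() == "content-type":
                return value.split(";", 1)[0].strip().lower()
        return ""


def is_confirmed_finding(resp: HttpResponse) -> bool:
    """True only when BOTH matchers hold (matchers-condition: and)."""
    return resp.content_type() == EXPECTED_CONTENT_TYPE and BODY_MARKER in resp.body


def evaluate_host(responses: list) -> dict:
    """Give every vulnerable path its own verdict so a miss on one path
    never masks a hit on the other."""
    by_path = {r.path: r for r in responses}
    return {p: (p in by_path and is_confirmed_finding(by_path[p])) for p in VULNERABLE_PATHS}


# Constructed sample responses: a confirmed hit, and a partial match (body only).
SAMPLE = [
    HttpResponse("/excel.php",
                 {"Content-Type": "application/vnd.ms-excel; charset=utf-8"},
                 "<html><head><title>Document</title>"),
    HttpResponse("/pos-kasir-php/excel.php",
                 {"Content-Type": "text/html"},
                 "Document not found"),
]

if __name__ == "__main__":
    for path, hit in evaluate_host(SAMPLE).items():
        print(f"{path}: {'CONFIRMED' if hit else 'no finding'}")
```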