CVE-2023-36348
Published 2023-06-23
Priority: P2 (65)
Severity: high (CVSS 3.1 base score 8.8)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Tags: EXPLOIT
EPSS: 6.37% (92.8th percentile)
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codekop | codekop | — | — |
Detection & IOCs (extracted from sources)
- Monitor for multipart/form-data POST requests to /fungsi/edit/edit.php?gambar=user where the uploaded filename has a .php extension rather than a legitimate image extension.
- Detect Content-Type spoofing: the uploaded file is declared as image/jpeg but the filename in the Content-Disposition header carries a .php extension.
- Alert on HTTP GET requests to /assets/img/user/ paths that resolve to .php files, indicating that a previously uploaded web shell is being accessed.
- The exploit requires prior authentication (a valid session cookie) before the malicious upload can be performed; unauthenticated access to the upload endpoint alone is insufficient.
- The web shell is dropped under /assets/img/user/ with a random numeric prefix, so detection rules must use a wildcard/regex pattern rather than a fixed filename.
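As an added example (not from this page or from the Codekop project), the three indicators above implemented as a small Python detector run over constructed sample requests; the endpoint and upload directory come from the notes above, while the boundary, filenames and numeric prefix are made-up sample values.

```python
import re
from dataclasses import dataclass

UPLOAD_PATH = "/fungsi/edit/edit.php"  # upload endpoint named in the detection notes
# Any .php under the image directory is anomalous; the numeric prefix varies, so match on extension only.
SHELL_RE = re.compile(r"^/assets/img/user/[^/]*\.php(?:$|\?)", re.I)
IMAGE_EXT = {"jpg", "jpeg", "png", "gif"}

@dataclass
class Request:
    method: str
    path: str               # request target including any query string
    content_type: str = ""  # request Content-Type header
    body: str = ""          # raw body (multipart for uploads)

def multipart_parts(req):  # yields (filename, declared part Content-Type) for each file part
    m = re.search(r'boundary=("?)([^";]+)\1', req.content_type, re.I)
    if not m:
        return
    for part in req.body.split("--" + m.group(2)):
        head = part.split("\r\n\r\n", 1)[0]  # part headers only, never the file bytes
        fn = re.search(r'filename="([^"]*)"', head, re.I)
        ct = re.search(r"Content-Type:\s*([^\r\n]+)", head, re.I)
        if fn:
            yield fn.group(1), (ct.group(1).strip().lower() if ct else "")

def analyze(req):  # returns a list of alert strings for one request (empty when nothing matches)
    alerts = []
    path, _, query = req.path.partition("?")
    if req.method == "POST" and path == UPLOAD_PATH and "gambar=user" in query:
        for name, ctype in multipart_parts(req):
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext == "php":  # rule 1: a script uploaded where an image is expected
                alerts.append(f"php-upload:{name}")
            if ctype.startswith("image/") and ext not in IMAGE_EXT:  # rule 2: spoofed type
                alerts.append(f"content-type-spoof:{name}:{ctype}")
    if req.method == "GET" and SHELL_RE.match(req.path):  # rule 3: stored script being requested
        alerts.append(f"webshell-access:{path}")
    return alerts

# Constructed sample traffic (boundary, filenames and numeric prefix are made up).
SAMPLE = [
    Request("POST", UPLOAD_PATH + "?gambar=user", "multipart/form-data; boundary=XBOUND",
            '--XBOUND\r\nContent-Disposition: form-data; name="gambar"; filename="photo.jpg"\r\n'
            'Content-Type: image/jpeg\r\n\r\n(image bytes)\r\n--XBOUND--\r\n'),
    Request("POST", UPLOAD_PATH + "?gambar=user", "multipart/form-data; boundary=XBOUND",
            '--XBOUND\r\nContent-Disposition: form-data; name="gambar"; filename="x.php"\r\n'
            'Content-Type: image/jpeg\r\n\r\n(file bytes omitted)\r\n--XBOUND--\r\n'),
    Request("GET", "/assets/img/user/1687500000_photo.jpg"),
    Request("GET", "/assets/img/user/1687500000_x.php"),
]
```

Only the second upload and the .php GET raise alerts; the legitimate image upload and image fetch stay clean.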
No detection rules found.
No writeups or analysis indexed.
References:
- http://packetstormsecurity.com/files/173278/POS-Codekop-2.0-Shell-Upload.html
- https://www.youtube.com/watch?v=Ge0zqY0sGiQ
- https://yuyudhn.github.io/pos-codekop-vulnerability/