
CVE-2023-4195: Cockpit PHP Remote File Inclusion vulnerability

CVSS Score (v3.0): 9.9

Basic Information

EPSS Score: 0.69215%
Published: 8/6/2023
Updated: 11/12/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
Package Name: cockpit-hq/cockpit
Ecosystem: composer
Vulnerable Versions: < 2.6.3
First Patched Version: 2.6.3

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability arises from insufficient validation of file extensions during upload. The patch explicitly adds '.phps' to the list of blocked extensions in the file modules/Assets/bootstrap.php, confirming that the original code allowed such files. This oversight enabled attackers to upload malicious PHP files (e.g., .phps) via the system's file upload utility. The improper validation in this file directly maps to CWE-98 (PHP RFI), as the application did not properly restrict filenames for inclusion/execution. The code change in the commit and the CWE classification strongly indicate that the file upload handler in this file was the vulnerable component.
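To make the root cause concrete, the following is an added PHP example (not Cockpit's own code; the extension lists and filenames are constructed) that contrasts the blocklist approach the fix extends with '.phps' against an allowlist of accepted asset types:

```php
<?php
// Added example, not Cockpit's code. Shows why an extension blocklist is
// fragile (one missing entry such as '.phps' lets a file through) and how
// the fix described above compares with an allowlist. All lists and
// filenames here are constructed for illustration.

declare(strict_types=1);

// Hypothetical blocklist as the unpatched code might have had it: no '.phps'.
const BLOCKED_BEFORE = ['.php', '.php3', '.php4', '.php5', '.phtml'];
// Same list after the fix described on the page: '.phps' is now blocked.
const BLOCKED_AFTER  = ['.php', '.php3', '.php4', '.php5', '.phtml', '.phps'];
// Allowlist alternative: only asset types this deployment chooses to accept.
const ALLOWED        = ['.png', '.jpg', '.jpeg', '.gif', '.pdf', '.txt'];

// Returns the lower-cased final extension including the dot, or '' if none.
function finalExtension(string $name): string {
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return $ext === '' ? '' : '.' . $ext;
}

// Blocklist check: rejects only if the final extension is on the list.
function allowedByBlocklist(string $name, array $blocked): bool {
    return !in_array(finalExtension($name), $blocked, true);
}

// Allowlist check: accepts only if the final extension is on the list.
function allowedByAllowlist(string $name): bool {
    $ext = finalExtension($name);
    return $ext !== '' && in_array($ext, ALLOWED, true);
}

// Constructed sample uploads: a '.phps' file passes the pre-fix blocklist
// but is rejected by both the patched blocklist and the allowlist.
$samples = ['logo.png', 'report.pdf', 'file.php', 'file.phps', 'file.PHPS', 'noext'];
foreach ($samples as $name) {
    printf("%-12s blocklist(before)=%-5s blocklist(after)=%-5s allowlist=%s\n",
        $name,
        allowedByBlocklist($name, BLOCKED_BEFORE) ? 'pass' : 'block',
        allowedByBlocklist($name, BLOCKED_AFTER)  ? 'pass' : 'block',
        allowedByAllowlist($name) ? 'pass' : 'block');
}
```

Whether a given extension is actually executed depends on the web server's handler mapping, so the allowlist of accepted types should be checked against that configuration as well.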


WAF Protection Rules

WAF Rule

PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Users may upload php files through the system file upload utility to obtain remote code execution.
