CVE-2023-4749: Open Source AMPLE Inventory Management System v1.0 by mayuri_k has a File Inclusion Vulnerability
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238638 is the identifier assigned to this vulnerability.
September 3, 2023 / September 4, 2023 · 1 minute read
Update
Update 2023/09/04
The vulnerability has been included and approved for public disclosure by MITRE.
CVE Record: CVE-2023-4749
NVD: CVE-2023-4749
Update 2023/09/03
On September 3rd, I submitted the vulnerability to VulDB and was assigned a CVE number.
Vuln_Author: WEI(ギカク)
AMPLE is an open source inventory management system, written in PHP, for inventory management and monitoring of goods.
The following powerful features are included:
- Real-time Stock Visibility: Keep track of your inventory levels in real-time, ensuring you never run out of stock or overstock.
- Accurate Sales Tracking: Monitor sales patterns, identify popular products, and make data-driven decisions.
- Order Management: Process orders efficiently, reducing fulfillment time and enhancing customer satisfaction.
- Cost Savings: Minimize losses due to overstocking, spoilage, or theft, maximizing profitability.
You can find the open-source code for AMPLE at this link: AMPLE
File Inclusion Vulnerability
The file inclusion vulnerability exists in the index.php file, which has the following source code:

```php
<?php require_once 'inc/header.php'; ?>
<?php require_once 'inc/sidebar.php'; ?>
<!-- Content Wrapper. Contains page content -->
<?php
// The user-controlled "page" parameter is concatenated into the include path without validation
if (isset($_GET['page'])) {
    $page = 'pages/' . $_GET['page'] . '.php';
} else {
    $page = 'pages/dashboard.php';
}
if (file_exists($page)) {
    require_once $page;
} else {
    require_once 'pages/error_page.php';
}
?>
<!-- Control Sidebar -->
<aside class="control-sidebar control-sidebar-dark">
  <!-- Control sidebar content goes here -->
</aside>
<!-- /.control-sidebar -->
<?php require_once 'inc/footer.php'; ?>
```
This code has a file inclusion vulnerability.
CWE-98
Unsanitized input from an HTTP parameter flows into require_once, where it is included dynamically. Allowing unvalidated user input to control files that are included dynamically in PHP can lead to malicious code execution.
PoC
Since this is a common file inclusion vulnerability, it is very simple to construct a request that triggers it.
http://targetsite.com/index.php?page=../../../etc/passwd
There is no /etc/passwd because the system was built in a local Windows environment, but the picture shows that the payload was executed successfully. This is a typical file inclusion vulnerability.
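A hardened form of the include logic in index.php, added here as an example (it is not code from AMPLE or from the original post): the hypothetical helper `resolve_page()` accepts only a strict page-name pattern and then verifies that the canonical path sits directly inside the pages directory. The temporary directory, the `products` page name and the sample inputs are constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not AMPLE's code): map the "page" parameter to a file
// that is guaranteed to sit directly inside $pagesDir.
function resolve_page($requested, string $pagesDir): string
{
    $base = realpath($pagesDir);
    if ($base === false) {
        throw new RuntimeException('pages directory not found');
    }
    $fallback = $base . DIRECTORY_SEPARATOR . 'error_page.php';

    if ($requested === null) {              // no parameter: default page
        return $base . DIRECTORY_SEPARATOR . 'dashboard.php';
    }
    // 1. Strict name format. Rejects arrays (?page[]=x), "../", "/", "\",
    //    NUL bytes and stream wrappers such as "php://".
    if (!is_string($requested)
        || preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested) !== 1) {
        return $fallback;
    }
    // 2. Canonicalise and confirm the file is a regular file whose parent
    //    is the pages directory (also catches symlinks that point elsewhere).
    $real = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($real === false || !is_file($real) || dirname($real) !== $base) {
        return $fallback;
    }
    return $real;
}

// Constructed demo data: a temporary pages directory with three sample pages.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['dashboard', 'error_page', 'products'] as $name) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $name . '.php', "<?php // $name\n");
}
$inputs = [null, 'products', '../../../etc/passwd', 'products/../dashboard',
           'php://filter', 'missing', "products\0", ['products']];
foreach ($inputs as $input) {
    printf("%-28s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES),
        basename(resolve_page($input, $dir)));
}
array_map('unlink', glob($dir . DIRECTORY_SEPARATOR . '*.php'));
rmdir($dir);
```

In index.php the dynamic include would then become `require_once resolve_page($_GET['page'] ?? null, __DIR__ . '/pages');`, so every rejected value falls through to the error page instead of reaching `require_once`.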