VYPR
Moderate severity · NVD Advisory · Published Sep 8, 2023 · Updated Sep 26, 2024

CVE-2023-41564

Description

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cockpit CMS v2.6.3 allows authenticated arbitrary code execution via uploading a crafted .shtml file in the Upload Asset function.

Vulnerability

Overview

CVE-2023-41564 is an arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 [1]. The root cause is insufficient validation of uploaded file types, allowing attackers to upload files with the .shtml extension. Server-side includes (SSI) in .shtml files can be processed by the web server, leading to arbitrary code execution [2].

Exploitation

An attacker must first authenticate to Cockpit CMS with an account that has permission to upload assets [3]. The exploit involves crafting a malicious .shtml file containing server-side include directives or embedded code. After uploading, the attacker accesses the file via its asset link, triggering execution of the embedded code on the server [3].

Impact

Successful exploitation allows the attacker to execute arbitrary commands on the underlying server, potentially leading to full compromise of the Cockpit CMS instance and its data. This includes reading sensitive files, modifying content, or using the server as a pivot for further attacks [2].

Mitigation

As of the publication date, no official patch has been announced for Cockpit CMS v2.6.3. Users are advised to restrict upload permissions to trusted users only, disable SSI processing for uploaded files, or upgrade to a patched version if available [1][2].
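The page's first mitigation, restricting what the asset endpoint will accept, is worth showing concretely. The validator below is an added illustration, not Cockpit CMS code: it allowlists final extensions so that .shtml (and any other server-handled type) is never accepted, rejects double-extension names such as shell.shtml.jpg, strips the trailing dots and spaces some servers ignore, and replaces the client-supplied name with one the server chooses. The extension lists are assumptions chosen for the example, not values from the advisory.

```python
import re
import secrets

# Allowlist of final extensions the endpoint accepts (assumed for this example).
# Anything else, including .shtml, is rejected without needing a denylist.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "webp", "pdf", "txt"}

# Extension segments a web server may map to a handler even when they are not
# last in the name (e.g. "shell.shtml.jpg"). Illustrative list, not exhaustive.
BLOCKED_SEGMENT = re.compile(r"shtml?|stm|php\d*|phtml|phar|cgi|htaccess")

_UNSAFE_STEM_CHARS = re.compile(r"[^A-Za-z0-9_-]+")


def validate_upload_name(filename: str) -> str:
    """Return a server-chosen storage name for an upload, or raise ValueError.

    Checks: no path separators or NUL bytes; trailing dots/spaces removed;
    final extension must be allowlisted; no segment between the dots may be
    a server-executable extension; the stored stem is sanitised and made
    unique so the client never controls the path on disk.
    """
    if "\x00" in filename or "/" in filename or "\\" in filename:
        raise ValueError("path separator or NUL byte in filename")
    name = filename.strip().rstrip(". ")
    if not name or name.startswith("."):
        raise ValueError("empty name or dotfile")
    parts = name.lower().split(".")
    if len(parts) < 2:
        raise ValueError("missing extension")
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension .{ext} is not allowed")
    if any(BLOCKED_SEGMENT.fullmatch(seg) for seg in parts[1:-1]):
        raise ValueError("server-executable extension segment in name")
    stem = _UNSAFE_STEM_CHARS.sub("_", parts[0])[:32] or "asset"
    return f"{stem}-{secrets.token_hex(8)}.{ext}"


def is_accepted(filename: str) -> bool:
    """True if validate_upload_name() would accept the name."""
    try:
        validate_upload_name(filename)
        return True
    except ValueError:
        return False
```

Name checks alone do not stop SSI if the server still evaluates includes in the asset directory, so pair this with the page's second mitigation and disable SSI handling for uploaded files at the web-server level.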

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: cockpit-hq/cockpit (Packagist)
Affected versions: <= 2.6.3
Patched versions: none listed

Affected products: 2

Patches: 0
No patches discovered yet.

Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.

References: 3

News mentions: 0
No linked articles in our index yet.