CVE-2023-6675 in CyberMathinfo

Summary

by MITRE • 02/02/2024

Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server.

This issue affects CyberMath: from v.1.4 before v.1.5.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 05/20/2026

The vulnerability identified as CVE-2023-6675 represents a critical unrestricted file upload flaw in the National Keep Cyber Security Services CyberMath application. This security weakness allows attackers to bypass normal file validation mechanisms and upload malicious files with dangerous extensions directly to the web server. The vulnerability specifically impacts versions of CyberMath ranging from 1.4 through the pre-release state before version 1.5, indicating a window of exposure where organizations using these versions were at significant risk of compromise. The flaw stems from inadequate input validation and sanitization processes that fail to properly restrict file types accepted by the application's upload functionality.

The technical nature of this vulnerability aligns with CWE-434, which describes the improper restriction of uploads of files with dangerous types. Attackers can exploit this weakness by uploading web shell files that provide remote code execution capabilities on the compromised server. Once uploaded, these malicious files can be accessed through the web server, allowing threat actors to establish persistent access, execute arbitrary commands, and potentially escalate privileges within the affected environment. The vulnerability's impact is amplified by the fact that it allows unrestricted file uploads, meaning that attackers can upload any file type without proper validation, including executable scripts, binary files, or other malicious payloads that could be leveraged for further attacks.

The operational consequences of this vulnerability extend beyond simple unauthorized file uploads and can result in complete system compromise. Organizations using affected versions of CyberMath face significant risks including data breaches, unauthorized access to sensitive information, and potential lateral movement within their network infrastructure. The vulnerability creates a persistent backdoor that attackers can use to maintain access even after initial compromise, making it particularly dangerous for security monitoring and incident response efforts. Additionally, the web shell functionality provides attackers with the ability to conduct reconnaissance, establish command and control channels, and potentially use the compromised server as a launch point for attacking other systems within the organization's network.

Mitigation strategies for CVE-2023-6675 should focus on immediate remediation through software updates to version 1.5 or later, where the vulnerability has been addressed. Organizations should also implement additional protective measures including restrictive file upload validation, proper file type checking, and the implementation of web application firewalls to monitor and filter suspicious upload attempts. The remediation process should include comprehensive security testing to ensure that file upload functionality properly validates file extensions, content types, and file sizes. Security teams should also conduct regular vulnerability assessments and maintain updated threat intelligence to identify similar weaknesses in other applications and systems. This vulnerability demonstrates the critical importance of proper input validation and secure coding practices, aligning with ATT&CK technique T1190 for Exploit Public-Facing Application and T1059 for Command and Scripting Interpreter, which are commonly used by threat actors to establish persistent access through compromised web applications.

Reservation

12/11/2023

Disclosure

02/02/2024

Moderation

accepted

CPE

ready

EPSS

0.00579

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!