CVE-2023-1773

MEDIUM

Rockoa 2.3.2 - Code Injection in Configuration File Handler

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-1773. PoCs published by CRONUS-Security, C1oudfL0w0.

AI-analyzed exploit summary This repository contains a debug environment for CVE-2023-1773, targeting the Xinhu OA system v2.3.2. It includes a modified `reimplatAction.php` file to expose encoded/decoded data for debugging purposes.

Description

A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.

Exploits (2)

nomisec WORKING POC 3 stars

by CRONUS-Security · poc

https://github.com/CRONUS-Security/xinhu-v2.3.2

View Code ZIP pw:eip

This repository contains a debug environment for CVE-2023-1773, targeting the Xinhu OA system v2.3.2. It includes a modified `reimplatAction.php` file to expose encoded/decoded data for debugging purposes.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Xinhu OA v2.3.2

No auth needed

Prerequisites: Access to the target system's API endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by C1oudfL0w0 · poc

https://github.com/C1oudfL0w0/CVE-2023-1773-Exploit

View Code ZIP pw:eip

This PoC exploits CVE-2023-1773 in XinhuOA by changing the admin password and injecting a PHP payload via a vulnerable API endpoint, leading to remote code execution (RCE). The exploit uses a custom encoding function (`strlook`) to obfuscate payloads and leverages session management for authentication bypass.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: XinhuOA (version not specified)

No auth needed

Prerequisites: Target URL with vulnerable XinhuOA instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.224674

Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.224674

Permissions Required exploit

https://gitee.com/galaxies2580/cve/blob/master/xinhuv2.3.2.md

Scores

CVSS v3 6.3

EPSS 0.0729

EPSS Percentile 91.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-94

Status published

Products (1)

rockoa/rockoa 2.3.2

Published Mar 31, 2023

Tracked Since Feb 18, 2026