Cyber Resilience

CVE-2023-24217

High · Public PoC

Published: 06 March 2023

Modified: 06 March 2025
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0494 (89.9th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-24217 is a high-severity file inclusion vulnerability in AgileBio Electronic Lab Notebook, classified under CWE-98 (PHP Remote File Inclusion). Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 10.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

AgileBio Electronic Lab Notebook version 4.234 contains a local file inclusion vulnerability tracked as CVE-2023-24217. The flaw is assigned CWE-98 and carries a CVSS 3.1 base score of 8.8, reflecting network attack vector, low complexity, and low privileges required for exploitation. The affected component is the Electronic Lab Notebook add-on within the LabCollector LIMS platform.

An authenticated remote attacker can supply crafted input to force inclusion of arbitrary local files. Successful exploitation grants read access to sensitive system files and, when combined with writable locations or server-side script execution, can lead to full remote code execution, resulting in complete compromise of confidentiality, integrity, and availability on the host.

Public exploit code demonstrating remote code execution against version 4.234 has been posted to Packet Storm. The associated EPSS score remains low in absolute terms, having peaked at only 0.0619 before receding to the current value of 0.0494, indicating limited observed exploitation interest since disclosure, although the current value still sits at the 89.9th percentile of CVEs. No vendor advisory or patch information appears in the referenced sources.

Vulnerability details

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.

CWE(s)

CWE-98

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: agilebio
Product: electronic lab notebook
Version: 4.234

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
