exploitDog

CVE-2023-30261

Опубликовано: 26 июн. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.

Ссылки

https://eldstal.se/advisories/230329-openwb.html
Exploit
Mitigation
Third Party Advisory
https://github.com/snaptec/openWB/issues/2672
Exploit
Issue Tracking
Mitigation
Third Party Advisory
https://github.com/snaptec/openWB/pull/2673
Patch
https://eldstal.se/advisories/230329-openwb.html
Exploit
Mitigation
Third Party Advisory
https://github.com/snaptec/openWB/issues/2672
Exploit
Issue Tracking
Mitigation
Third Party Advisory
https://github.com/snaptec/openWB/pull/2673
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openwb:openwb:1.6:*:*:*:*:*:*:*

cpe:2.3:a:openwb:openwb:1.7:*:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.53692

Средний

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-65wg-c4j5-gmx8

CVSS3: 9.8

github

больше 2 лет назад

Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.

EPSS

Процентиль: 98%

0.53692

Средний

9.8 Critical

CVSS3

Дефекты

CWE-78