CVE-2023-0830
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Summary
A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | EasyNAS | 1.1.0 | affected |
Weaknesses
- CWE-78: OS Command Injection
- CWE-77: Command Injection
ADP Enrichment
CVE Program Container
Additional References
- https://vuldb.com/?id.220950
- https://vuldb.com/?ctiid.220950
- https://gist.github.com/xbz0n/674af0e802efaaafe90d2f67464c2690
References
- https://vuldb.com/?id.220950
- https://vuldb.com/?ctiid.220950
- https://vuldb.com/?submit.86683
- https://github.com/xbz0n/CVE-2023-0830
- https://www.exploit-db.com/exploits/51266
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.