CVE-2023-23333

CVSS 9.8 CRITICALEPSS 99.3%CWE-77

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 5

githubgithub.com/Mr-xn/CVE-2023-23333★ 15 githubgithub.com/Timorlover/CVE-2023-23333★ 8 githubgithub.com/emanueldosreis/nmap-CVE-2023-23333-exploit★ 2 cve_referencepacketstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.htmlunverified exploitdbwww.exploit-db.com/exploits/51886unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.html https://github.com/Timorlover/CVE-2023-23333