CVE-2023-28343

EPSS 85.3%

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.

Affected products

n/a · n/a

public PoCs found — 4

githubgithub.com/superzerosec/CVE-2023-28343★ 8 githubgithub.com/gobysec/CVE-2023-28343★ 6 cve_referencepacketstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.htmlunverified exploitdbwww.exploit-db.com/exploits/51325unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.html https://apsystems.com https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md