PT-2023-17233 · Rockoa · Rockoa

Galaxies2580

Publicado

2023-03-31

Atualizado

2024-05-17

CVE-2023-1773

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Rockoa version 2.3.2

Description A critical issue has been found in the Configuration File Handler component, specifically affecting the webmainConfig.php file. This issue leads to code injection and can be initiated remotely. The exploit for this issue has been disclosed publicly.

Recommendations For Rockoa version 2.3.2, consider disabling the Configuration File Handler component or restricting access to the webmainConfig.php file until a patch is available. As a temporary workaround, avoid using the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2023-1773

Produtos afetados

Rockoa

PT-2023-17233 · Rockoa · Rockoa

CVE-2023-1773

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7