PT-2023-23945 · Cyberpower · Cyberpower Powerpanel Enterprise

Philippe Laulheret · Published 2023-08-12 · Updated 2023-08-22 · CVE-2023-3267

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CyberPower PowerPanel Enterprise (affected versions not specified)

Description

The issue allows an authenticated user to pass arbitrary OS commands through the username field when adding a remote backup location. This field is passed without sanitization into CMD running as NT AUTHORITY\SYSTEM, enabling an authenticated attacker to execute arbitrary code with system-level access to the server.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2023-3267

Affected Products

Cyberpower Powerpanel Enterprise