PT-2023-7429 · Unknown · Osprey Pump Controller

Published 2023-03-23 · Updated 2023-04-05 · CVE-2023-27886

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Osprey Pump Controller version 1.01

Description

The issue is related to an unauthenticated OS command injection vulnerability. This vulnerability can be exploited to inject and execute arbitrary shell commands through an HTTP POST parameter. The parameter is called by the index.php script.

Recommendations

For Osprey Pump Controller version 1.01, consider disabling the HTTP POST parameter in the index.php script as a temporary workaround until a patch is available. Restrict access to the index.php script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-08468
CVE-2023-27886

Affected Products

Osprey Pump Controller