CVE-2023-53945

Name of the Vulnerable Software and Affected Versions BrainyCP version 1.0

Description BrainyCP version 1.0 has an authenticated remote code execution issue. Logged-in users can inject arbitrary commands through the crontab configuration interface. Attackers can exploit the issue by adding a malicious command to the crontab endpoint, potentially spawning a reverse shell to a specified IP and port. The crontab endpoint is the point of exploitation, and the command parameter is used to inject malicious code.

Recommendations Apply a fix or update to a newer version that addresses this issue. As a temporary workaround, restrict access to the crontab configuration interface to minimize the risk of exploitation.