Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-22855

Published: 15/02/2023 Updated: 10/04/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Kardex Control Center

Vulnerability Summary

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisation. This yields the possibility of including local files, as well as remote files on SMB shares. If one provides a file with the extension .t4, it is rendered with the .NET templating engine mono/t4, which can execute code.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kardex kardex control center 5.7.12\\+0-a203c2a213-master

Exploits

Exploit DB: Kardex Mlog MCC 5.7.12+0-a203c2a213-master File Inclusion / Remote Code Execution
Kardex Mlog MCC version 5712+0-a203c2a213-master suffers from a file inclusion vulnerability that allows for remote code execution ...
Exploit DB: Kardex Mlog MCC 5.7.12 Remote Code Execution
Kardex Mlog MCC version 5712 suffers from a remote code execution vulnerability ...

Github Repositories

https://github.com/vianic/CVE-2023-22855

Security Vulnerability - Kardex Mlog MCC

CVE-2023-22855 This vulnerability was discovered and disclosed by Patrick Hener and myself This repository will hold the advisory and the link to the exploit This repository is only for educational purposes Links Vendor Website: wwwkardexcom/en/mlog-control-center Exploit on Exploit-DB: wwwexploit-dbcom/exploits/51239 Exploit on Patrick Hener's Gith

https://github.com/patrickhener/CVE-2023-22855

CVE-2023-22855 This vulnerability was discovered and disclosed by Nico Viakowski and myself This repository will hold the advisory and the exploit This repository is only for educational purposes Links Vendor Website: wwwkardexcom/en/mlog-control-center Exploit on Exploit-DB: wwwexploit-dbcom/exploits/51239 Blog Post Advisory: hesecde/posts/CVE-

References

CWE-94https://github.com/patrickhener/CVE-2023-22855/blob/main/advisory/advisory.mdhttp://seclists.org/fulldisclosure/2023/Feb/10http://packetstormsecurity.com/files/171046/Kardex-Mlog-MCC-5.7.12-0-a203c2a213-master-File-Inclusion-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/171689/Kardex-Mlog-MCC-5.7.12-Remote-Code-Execution.htmlhttps://www.exploit-db.com/exploits/51239https://nvd.nist.govhttps://github.com/vianic/CVE-2023-22855https://packetstormsecurity.com/files/171046/Kardex-Mlog-MCC-5.7.12-0-a203c2a213-master-File-Inclusion-Remote-Code-Execution.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook