CVE-2023-28343

Published: 14/03/2023 Updated: 10/04/2023
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.

Vulnerable Product

apsystems energy_communication_unit_firmware c1.2.5

Exploits

Altenergy Power Control Software version C1.2.5 suffers from a command injection vulnerability ...

Github Repositories

Altenergy Power System Control Software set_timezone RCE Vulnerability (CVE-2023-28343)

CVE-2023-28343
Chinese name: Altenergy Power System Control Software set_timezone remote command execution vulnerability (CVE-2023-28343)
CVSS core:90
Description: Altenergy Power System Control Software is a microinverter control software from Altenergy Power System
Impact: There is a security vul

CVE-2023-28343 POC exploit

CVE-2023-28343
Usage

usage: exploitpy [-h] -t TARGET [-l LOCALHOST] [-p LOCALPORT]

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Target url, localhost:9000
  -l LOCALHOST, --localhost LOCALHOST
                        Local IP address for reverse shell
  -p LOC