Published: 17/12/2023 Updated: 11/04/2024

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hikvision intercom_broadcast_system

Check Point Reference: CPAI-2023-1637 Date Published: 18 Apr 2024 Severity: Critical ...

python3 CVE-2023-6895py -u targetcom -c cmd

CVE-2023-6895 漏洞扫描器这是一个简单的 Python 脚本，用于扫描网站以检查是否存在 CVE-2023-6895 漏洞。它发送修改过的请求到目标 URL，并检查响应中是否存在该漏洞。环境要求 Python 3 requests 库 tqdm 库你可以使用 pip 安装所需的库： pip install requests tqdm 使用方法你可以使用以下命令运行脚

python3 CVE-2023-6895py -u targetcom -c cmd

不定期更新POC和Nuclei脚本

主要收集一些 poc 以及对应的 fofa 语法和 nuclei 脚本当前漏洞数：19 声明由于传播、利用本文所提供的信息而造成的任何直接或者间接的后果及损失，均由使用者本人负责，作者不为此承担任何责任。所涉及工具来自网络，安全性自测。近期更新 2024-01-11 金和OA SAP_B1Config 未授权访问 �

CWE-78 https://vuldb.com/?id.248254 https://vuldb.com/?ctiid.248254 https://github.com/willchen0011/cve/blob/main/rce.md https://nvd.nist.gov https://github.com/FuBoLuSec/CVE-2023-6895 https://github.com/mewhz/poc https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2023-1637.html

CVE-2023-6895

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect