Vulnerability CVE-2023-28343


Published: 2023-03-14

Description:
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.

See advisories in our WLB2 database:
Topic
Author
Date
High
Altenergy Power Control Software C1.2.5 OS command injection
Ahmed Alroky
14.04.2023

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

 References:
https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md
https://apsystems.com

Copyright 2024, cxsecurity.com

 

Back to Top