admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-26429.md

18 lines
997 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-26429](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26429)
![](https://img.shields.io/static/v1?label=Product&message=OX%20App%20Suite&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%207.10.6-rev39%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77%20Improper%20Neutralization%20of%20Special%20Elements%20used%20in%20a%20Command%20('Command%20Injection')&color=brighgreen)
### Description
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.
### POC
#### Reference
- http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html
#### Github
No PoCs found on GitHub currently.
Reference in New Issue Copy Permalink