admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-42222.md
0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37
2024-06-22 09:37:59 +00:00

20 lines
849 B
Markdown
Raw Blame History

### [CVE-2023-42222](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42222)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
### POC
#### Reference
- http://packetstormsecurity.com/files/176957/WebCatalog-48.4-Arbitrary-Protocol-Execution-Code-Execution.html
- https://github.com/itssixtyn3in/CVE-2023-42222
#### Github
- https://github.com/itssixtyn3in/CVE-2023-42222
- https://github.com/nomi-sec/PoC-in-GitHub
Reference in New Issue View Git Blame Copy Permalink