cve/2023/CVE-2023-7102.md

### [CVE-2023-7102](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7102)
![](https://img.shields.io/static/v1?label=Product&message=Barracuda%20ESG%20Appliance&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1104%3A%20Use%20of%20Unmaintained%20Third%20Party%20Components&color=brighgreen)

### Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance, from 5.1.3.001 through 9.2.1.001, until Barracuda removed the vulnerable logic.

### POC

#### Reference
- https://github.com/haile01/perl_spreadsheet_excel_rce_poc
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md

#### Github
- https://github.com/Ostorlab/KEV
- https://github.com/vinzel-ops/vuln-barracuda