CVE-2023-30261: Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.
0.0
CVSS
Description
Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.
Classification
CVE ID: CVE-2023-30261
CVSS Base Severity: LOW
CVSS Base Score: 0.0
Affected Products
Vendor: n/a
Product: n/a
Exploit Prediction Scoring System (EPSS)
EPSS Score: 3.36% (probability of being exploited)
EPSS Percentile: 91.35% (scored less or equal to compared to others)
EPSS Date: 2025-02-03 (when was this score calculated)
References
https://github.com/snaptec/openWB/issues/2672https://github.com/snaptec/openWB/pull/2673
https://eldstal.se/advisories/230329-openwb.html