Vulnerability Details CVE-2023-28343
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.938
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
References
- http://packetstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.html
- https://apsystems.com
- https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md
- http://packetstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.html
- https://apsystems.com
- https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md
Products affected by CVE-2023-28343
-
cpe:2.3:h:apsystems:energy_communication_unit:-
-
cpe:2.3:o:apsystems:energy_communication_unit_firmware:c1.2.5