CVE-2023-27253

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-91
View all →

Vulnerability Description

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.

Related Vulnerabilities

CVE-2018-16785

HIGH
CVSS:8.8(High)

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell

CWE-912018

CVE-2018-19277

HIGH
CVSS:8.8(High)

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file

CWE-912018

CVE-2018-2477

HIGH
CVSS:8.8(High)

Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.

CWE-912018

CVE-2019-17323

HIGH
CVSS:8.8(High)

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation and execution via report print function of rexpert viewer with modified XML document. User interaction is required to expl...

CWE-912019

CVE-2021-2322

HIGH
CVSS:8.8(High)

Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to comprom...

CWE-912021

CVE-2021-36359

HIGH
CVSS:8.8(High)

OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remote code execution (RCE) via XML tag injection because reportlab\platypus\paraparser.py (reached via bscw.cgi op=_editfolder.EditFo...

CWE-912021