How severe is CVE-2023-6848?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-6848?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2023-6848 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2005-2773

CRITICAL

CVSS:9.8(Critical)

HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3)...

CWE-772005

CVE-2007-3010

CRITICAL

CVSS:9.8(Critical)

masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user...

CWE-772007

CVE-2008-7313

CRITICAL

CVSS:9.8(Critical)

The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists dues to an incomplete fix for CVE-2008-4796.

CWE-772008

CVE-2008-7315

CRITICAL

CVSS:9.8(Critical)

UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.

CWE-772008

CVE-2008-7319

CRITICAL

CVSS:9.8(Critical)

The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing ...

CWE-772008

CVE-2009-5156

CRITICAL

CVSS:9.8(Critical)

An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.

CWE-772009