Page 2 of 6 results (0.001 seconds)
CVSS: 8.8EPSS: 0%CPEs: 45EXPL: 0
CVSS: 8.8EPSS: 0%CPEs: 45EXPL: 0CVE-2023-3260
https://notcve.org/view.php?id=CVE-2023-3260
The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system. • https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •