Back to directory
WRITEUP #1594

[CVE-2023-22855] Kardex MLOG - Insecure path join to RCE via SSTI

RCESSTISecurity code review
by@C1sc01(Patrick Hener)
Program
-
Published
Feb 7, 2023
Added to HackDex
Feb 26, 2023
Read Full Writeuphttps://hesec.de/posts/cve-2023-22855/
RELATED WRITEUPS
WPML Multilingual CMS Authenticated Contributor+ Remote Code Execution (RCE) via Twig Server-Side Template Injection (SSTI)
RCESSTI
Chaining Three Bugs to Access All Your ServiceNow Data
RCESSTI
Getting code execution on Veeam through CVE-2023-27532
RCEInsecure deserialization
Spip Preauth RCE 2024: Part 2, A Big Upload
RCEFile upload
Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle
RCESecurity code review

Built with ❤️ by Shubham Rawat