Lucene search

CVE-2023-24078

🗓️ 17 Feb 2023 07:11:15Reported by mitreType

cve🔗 web.nvd.nist.gov👁 72 Views🌐 WEB

Real Time Logic FuguHub v8.1 RCE vulnerabilit

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 12
Cvelist	CVE-2023-24078	17 Feb 202300:00	–	cvelist
Prion	Remote code execution	17 Feb 202307:15	–	prion
GithubExploit	Exploit for Code Injection in Realtimelogic Fuguhub	17 Jun 202303:39	–	githubexploit
GithubExploit	Exploit for Code Injection in Realtimelogic Fuguhub	17 Jun 202310:11	–	githubexploit
GithubExploit	Exploit for Code Injection in Realtimelogic Fuguhub	7 Dec 202303:45	–	githubexploit
GithubExploit	Exploit for Code Injection in Realtimelogic Fuguhub	17 Jun 202303:39	–	githubexploit
GithubExploit	Exploit for CVE-2024-27697	9 Mar 202422:24	–	githubexploit
Packet Storm	FuguHub 8.1 Remote Code Execution	3 Jul 202300:00	–	packetstorm
Exploit DB	FuguHub 8.1 - Remote Code Execution	3 Jul 202300:00	–	exploitdb
NVD	CVE-2023-24078	17 Feb 202307:15	–	nvd

Nvd

Node

realtimelogic fuguhubRange≤8.1windows

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/173279/FuguHub-8.1-Remote-Code-Execution.html
github	www.github.com/ojan2021/Fuguhub-8.1-RCE

Parameter	Position	Path	Description	CWE
user	path	/Config-Wizard/wizard/SetAdmin.lsp	Endpoint for creating an admin user which can be exploited to gain access for code injection.	CWE-94
password	path	/Config-Wizard/wizard/SetAdmin.lsp	Endpoint for creating an admin user which can be exploited to gain access for code injection.	CWE-94
recoverpassword	path	/Config-Wizard/wizard/SetAdmin.lsp	Endpoint for creating an admin user which can be exploited to gain access for code injection.	CWE-94
ba_username	path	/rtl/protected/wfslinks.lsp	Login endpoint that allows authentication and can be exploited to gain access for further code injections.	CWE-94
ba_password	path	/rtl/protected/wfslinks.lsp	Login endpoint that allows authentication and can be exploited to gain access for further code injections.	CWE-94
file	path	/fs/cmsdocs/	File upload endpoint to upload and execute malicious lua reverse shell scripts.	CWE-94

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Feb 2023 07:15Current

9High risk

Vulners AI Score9

CVSS38.8

EPSS0.66727

SSVC

CWE-94