Vulners
Lucene search
CVE-2023-52251
🗓️ 25 Jan 2024 00:00:00Reported by mitreType 
cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 138 Views🌐 WEB
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Kafka UI 0.7.1 Command Injection Exploit | 20 Feb 202400:00 | – | zdt |
 | Exploit for Code Injection in Provectus Ui | 6 Jan 202411:07 | – | githubexploit |
 | CVE-2023-52251 | 25 Jan 202422:26 | – | circl |
 | kafka-ui OS Command Injection Vulnerability | 25 Jan 202400:00 | – | cnnvd |
 | CVE-2023-52251 | 25 Jan 202400:00 | – | cvelist |
 | Kafka UI Unauthenticated Remote Command Execution via the Groovy Filter option. | 17 Feb 202419:51 | – | metasploit |
 | Kafka UI 0.7.1 Command Injection | 28 May 202605:39 | – | nuclei |
 | CVE-2023-52251 | 25 Jan 202421:15 | – | nvd |
 | CVE-2023-52251 | 25 Jan 202421:15 | – | osv |
 | Kafka UI 0.7.1 Command Injection | 20 Feb 202400:00 | – | packetstorm |
10
| Source | Link |
|---|---|
| packetstormsecurity | www.packetstormsecurity.com/files/177214/Kafka-UI-0.7.1-Command-Injection.html |
| github | www.github.com/BobTheShoplifter/CVE-2023-52251-POC |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| q | query param | api/clusters/local/topics/{topic}/messages | Remote Command Injection via Groovy script payload in q parameter for messages endpoint | CWE-94 |
| filterQueryType | query param | api/clusters/local/topics/{topic}/messages | Remote Command Injection via Groovy script payload in q parameter for messages endpoint | CWE-94 |
| attempt | query param | api/clusters/local/topics/{topic}/messages | Remote Command Injection via Groovy script payload in q parameter for messages endpoint | CWE-94 |
| limit | query param | api/clusters/local/topics/{topic}/messages | Remote Command Injection via Groovy script payload in q parameter for messages endpoint | CWE-94 |
| page | query param | api/clusters/local/topics/{topic}/messages | Remote Command Injection via Groovy script payload in q parameter for messages endpoint | CWE-94 |
| seekDirection | query param | api/clusters/local/topics/{topic}/messages | Remote Command Injection via Groovy script payload in q parameter for messages endpoint | CWE-94 |
| keySerde | query param | api/clusters/local/topics/{topic}/messages | Remote Command Injection via Groovy script payload in q parameter for messages endpoint | CWE-94 |
| valueSerde | query param | api/clusters/local/topics/{topic}/messages | Remote Command Injection via Groovy script payload in q parameter for messages endpoint | CWE-94 |
| seekType | query param | api/clusters/local/topics/{topic}/messages | Remote Command Injection via Groovy script payload in q parameter for messages endpoint | CWE-94 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2025 16:15Current
8.9High risk
Vulners AI Score8.9
CVSS 3.18.8
EPSS0.94014
SSVC