12 matches found

RedhatCVE
added 2025/05/23 5:53 a.m. · 4 views

CVE-2023-22855

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method Path.Combine from .NET without proper sanitisation. This yields the possibility of including local files, as...

CVSS 9.8 · AI score 7.9 · EPSS 0.14832
Exploits 8 · References 1

Packet Storm
added 2023/04/05 12:0 a.m. · 264 views

Kardex Mlog MCC 5.7.12 Remote Code Execution

!/usr/bin/env python3 Exploit Title: Kardex Mlog MCC 5.7.12 - RCE Remote Code Execution Date: 12/13/2022 Exploit Author: Patrick Hener Vendor Homepage: https://www.kardex.com/en/mlog-control-center Version: 5.7.12+0-a203c2a213-master Tested on: Windows Server 2016 CVE : CVE-2023-22855 Writeup:...

CVSS 9.8 · AI score 9.4 · EPSS 0.14832
Exploits 8

Exploit DB
added 2023/04/05 12:0 a.m. · 240 views

Kardex Mlog MCC 5.7.12 - RCE (Remote Code Execution)

!/usr/bin/env python3 Exploit Title: Kardex Mlog MCC 5.7.12 - RCE Remote Code Execution Date: 12/13/2022 Exploit Author: Patrick Hener Vendor Homepage: https://www.kardex.com/en/mlog-control-center Version: 5.7.12+0-a203c2a213-master Tested on: Windows Server 2016 CVE : CVE-2023-22855 Writeup:...

CVSS 9.8 · AI score 9.8 · EPSS 0.14832
Exploits 8

0day.today
added 2023/04/05 12:0 a.m. · 254 views

Kardex Mlog MCC 5.7.12 - Remote Code Execution Exploit

!/usr/bin/env python3 Exploit Title: Kardex Mlog MCC 5.7.12 - RCE Remote Code Execution Date: 12/13/2022 Exploit Author: Patrick Hener Vendor Homepage: https://www.kardex.com/en/mlog-control-center Version: 5.7.12+0-a203c2a213-master Tested on: Windows Server 2016 CVE : CVE-2023-22855 Writeup:...

CVSS 9.8 · AI score 9.2 · EPSS 0.14832
Exploits 8

BDU FSTEC
added 2023/03/06 12:0 a.m. · 7 views

The vulnerability of the Path.Combine method in the modular software solution for managing material flows and inventory control processes in the Kardex Mlog Control Center (MCC) allows a perpetrator to execute arbitrary code.

The vulnerability of the Path.Combine method in the modular software solution for managing material flows and inventory control processes in the Kardex Mlog Control Center MCC is related to improper code generation. Exploiting this vulnerability allows an attacker operating remotely to execute...

CVSS 9.6 · AI score 8.2 · EPSS 0.14832
Exploits 8 · References 3

0day.today
added 2023/02/18 12:0 a.m. · 369 views

Kardex Mlog MCC 5.7.12+0-a203c2a213-master File Inclusion / Remote Code Execution Vulnerabilities

Kardex Mlog MCC version 5.7.12+0-a203c2a213-master suffers from a file inclusion vulnerability that allows for remote code execution. Remote Code Execution in Kardex MLOG ======================================================================= Product: Kardex Mlog MCC Vendor: Kardex Holding AG...

CVSS 9.8 · AI score 9.9 · EPSS 0.14832
Exploits 8

Packet Storm
added 2023/02/17 12:0 a.m. · 249 views

Kardex Mlog MCC 5.7.12+0-a203c2a213-master File Inclusion / Remote Code Execution

Remote Code Execution in Kardex MLOG ======================================================================= Product: Kardex Mlog MCC Vendor: Kardex Holding AG Tested Version: 5.7.12+0-a203c2a213-master Fixed Version: inline patch - no new version number Vulnerability Type: Improper Control of...

AI score 9.7 · EPSS 0.14832
Exploits 8

NVD
added 2023/02/15 9:15 p.m. · 40 views

CVE-2023-22855

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method Path.Combine from .NET without proper sanitisation. This yields the possibility of including local files, as...

CVSS 9.8 · AI score 9.7 · EPSS 0.14832
Exploits 8 · References 5

Prion
added 2023/02/15 9:15 p.m. · 15 views

Design/Logic Flaw

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method Path.Combine from .NET without proper sanitisation. This yields the possibility of including local files, as...

CVSS 7.5 · AI score 9.6 · EPSS 0.14832
Exploits 8 · References 5 · Affected Software 1

Vulnrichment
added 2023/02/15 12:0 a.m. · 7 views

CVE-2023-22855

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method Path.Combine from .NET without proper sanitisation. This yields the possibility of including local files, as...

AI score 7.6 · EPSS 0.14832
Exploits 8 · References 5

CVE
added 2023/02/15 12:0 a.m. · 83 views

CVE-2023-22855

CVE-2023-22855 affects Kardex Mlog MCC 5.7.12+0-a203c2a213-master. A user-controllable path is passed to Path.Combine in the MCC web interface (port 8088) without proper sanitisation, enabling file inclusion on local/SMB shares and, when a .t4 template is processed by mono/t4, remote code executi...

CVSS 9.8 · AI score 9.5 · EPSS 0.14832
Exploits 8 · References 5 · Affected Software 1

Positive Technologies
added 2023/02/07 12:0 a.m. · 5 views

PT-2023-1552 · Kardex · Kardex Mlog Mcc

Name of the Vulnerable Software and Affected Versions: Kardex Mlog MCC version 5.7.12+0-a203c2a213-master Description: The issue is related to incorrect code generation management in the Kardex Mlog Control Center MCC module. This allows a remote attacker to execute arbitrary code. The software...

CVSS 9.8 · AI score 9.3 · EPSS 0.14832
Exploits 8 · References 10