2 matches found
CVE-2023-22855
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method Path.Combine from .NET without proper sanitisation. This yields the possibility of including local files, as...
The vulnerability of the Path.Combine method in the modular software solution for managing material flows and inventory control processes in the Kardex Mlog Control Center (MCC) allows a perpetrator to execute arbitrary code.
The vulnerability of the Path.Combine method in the modular software solution for managing material flows and inventory control processes in the Kardex Mlog Control Center MCC is related to improper code generation. Exploiting this vulnerability allows an attacker operating remotely to execute...