CVE-2023-1773

MEDIUM

Rockoa 2.3.2 - Code Injection

Title source: llm

Description

A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.

Exploits (3)

nomisec WORKING POC 3 stars

by CRONUS-Security · poc

https://github.com/CRONUS-Security/xinhu-v2.3.2

View Code ZIP pw:eip

gitee

poc

https://gitee.com/galaxies2580/cve/blob/master/xinhuv2.3.2.md

nomisec WORKING POC

by C1oudfL0w0 · poc

https://github.com/C1oudfL0w0/CVE-2023-1773-Exploit

View Code ZIP pw:eip

References (3)

[Permissions Required] https://gitee.com/galaxies2580/cve/blob/master/xinhuv2.3.2.md

[Third Party Advisory] https://vuldb.com/?ctiid.224674

[Third Party Advisory] https://vuldb.com/?id.224674

Scores

CVSS v3 6.3

EPSS 0.0550

EPSS Percentile 90.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-94

Status published

Products (1)

rockoa/rockoa 2.3.2

Published Mar 31, 2023

Tracked Since Feb 18, 2026