CVE-2023-23063

HIGH EXPLOITED NUCLEI

Cellinx NVT v1.0.6.002b - Path Traversal via /cgi-bin/GetFileContent.cgi

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-23063 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains functional exploit code for multiple vulnerabilities, including CVE-2023-28343 (OS command injection in Altenergy Power Control Software) and CVE-2022-29297 (reflected XSS in SolarView Compact). The exploits demonstrate remote code execution and file upload vulnerabilities with detailed technical analysis.

Description

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi.

Exploits (1)

vulncheck_xdb WORKING POC
infoleak
https://github.com/ahmedalroky/CVEs

This repository contains functional exploit code for multiple vulnerabilities, including CVE-2023-28343 (OS command injection in Altenergy Power Control Software) and CVE-2022-29297 (reflected XSS in SolarView Compact). The exploits demonstrate remote code execution and file upload vulnerabilities with detailed technical analysis.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Altenergy Power Control Software C1.2.5, SolarView Compact ver.6.00
No auth needed
Prerequisites: Network access to vulnerable device · Python environment for exploit.py
devstral-2 · analyzed Feb 25, 2026 Full analysis →

Nuclei Templates (1)

Cellinx NVT Web Server - Local File Disclosure
HIGHVERIFIEDby daffainfo
FOFA: body="/viewer/viewer.html" && header="lighttpd" && country="KR"

References (1)

Core 1
Core References
Exploit, Third Party Advisory
https://github.com/ahmedalroky/CVEs/tree/cellinx

Scores

CVSS v3 7.5
EPSS 0.3039
EPSS Percentile 96.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2025-06-08
CWE
CWE-22
Status published
Products (1)
cellinx/nvt_web_server 1.0.6.002b
Published Feb 22, 2023
Tracked Since Feb 18, 2026