CVE-2023-37569

HIGH

ESDS Emagic Data Center Management Suite < 6.0 - Authenticated OS Command Injection via Ping Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-37569. PoCs published by thewhiteh4t.

AI-analyzed exploit summary: This exploit targets a command injection vulnerability in Emagic Data Center Management Suite v6.0. It sends a crafted POST request with a payload that executes a reverse shell to the attacker's specified host and port.

Description

This vulnerability exists in ESDS Emagic Data Center Management Suite due to a lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.

Exploits (1)

exploitdb WORKING POC
by thewhiteh4t · bash · webapps · php
https://www.exploit-db.com/exploits/51673

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ESDS eMagic Data Center Management Suite v6.0.0
No auth needed
Prerequisites: network access to the target · target application running and accessible
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.5306
EPSS Percentile: 98.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-78
Status: published
Products (1): esds.co/emagic_data_center_management < 6.0
Published: Aug 08, 2023
Tracked Since: Feb 18, 2026