CVE-2023-37569

HIGH

Esds.co Emagic Data Center Management < 6.0 - OS Command Injection

Title source: rule

Description

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.

Exploits (1)

exploitdb WORKING POC

by thewhiteh4t · bashwebappsphp

https://www.exploit-db.com/exploits/51673

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/174084/Emagic-Data-Center-Management-Suite-6.0-Remote-Command-Execution.html

[Third Party Advisory] https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226

Scores

CVSS v3 8.8

EPSS 0.5112

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

esds.co/emagic_data_center_management < 6.0

Published Aug 08, 2023

Tracked Since Feb 18, 2026