CVE-2023-0462

CRITICAL Year: 2023
CVSS v3 Score
9.1
Critical
Weakness Type
CWE-94
View all →

Vulnerability Description

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

Related Vulnerabilities

CVE-2017-2968

CRITICAL
CVSS:9.1(Critical)

Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability.

CWE-942017

CVE-2019-0330

CRITICAL
CVSS:9.1(Critical)

The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application...

CWE-942019

CVE-2019-18582

CRITICAL
CVSS:9.1(Critical)

Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server-side template injection vulnerability in the REST API. A ...

CWE-942019

CVE-2019-6816

CRITICAL
CVSS:9.1(Critical)

In Modicon Quantum all firmware versions, a CWE-94: Code Injection vulnerability could cause an unauthorized firmware modification with possible Denial of Service when using Modbus protocol.

CWE-942019

CVE-2020-12013

CRITICAL
CVSS:9.1(Critical)

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and ...

CWE-942020

CVE-2020-6318

CRITICAL
CVSS:9.1(Critical)

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code ...

CWE-942020