CVE-2023-38316

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-116
View all →

Vulnerability Description

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. Affected OpenNDS Captive Portal before version 10.1.2 fixed in OpenWrt master, OpenWrt 23.05 and OpenWrt 22.03 on 28. August 2023 by updating OpenNDS to version 10.1.3.

Related Vulnerabilities

CVE-2017-8303

CRITICAL
CVSS:9.8(Critical)

An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.

CWE-1162017

CVE-2018-15494

CRITICAL
CVSS:9.8(Critical)

In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.

CWE-1162018

CVE-2018-9246

CRITICAL
CVSS:9.8(Critical)

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting i...

CWE-1162018

CVE-2018-9433

CRITICAL
CVSS:9.8(Critical)

In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed...

CWE-1162018

CVE-2019-11325

CRITICAL
CVSS:9.8(Critical)

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary...

CWE-1162019

CVE-2020-36599

CRITICAL
CVSS:9.8(Critical)

lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.

CWE-1162020