Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) via Improper Control of Code Generation

Remote Code Execution Vulnerability in StruxureWare Data Center Expert (V7.9.2 and prior) via Improper Control of Code Generation

CVE-2023-25550 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior)

Learn more about our Web Application Penetration Testing UK.