CVE-2023-25911 - OS Command Injection in Danfoss AK-EM 100
| CVE | CVE-2023-25911 | |||||||||||
| Discovered by |
|
|||||||||||
| Credits |
|
|||||||||||
| Affected products |
|
|||||||||||
| Page author | Max van der Horst | |||||||||||
| CVSS |
Base score:
9.9
(CRITICAL) |
|||||||||||
| References |
|
|||||||||||
| Problem type(s) | CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') | |||||||||||
| Last modified | 25 May 2023 17:57 |
Description
The Danfoss AK-EM 100 web applications allow for OS command injection through the web application parameters.
JSON version