CVE-2023-7116
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 27, 2023
Updated: May 17, 2024
CWE ID 78
Summary
CVE-2023-7116 is a newly disclosed critical vulnerability affecting the WeiYe-Jing datax-web 2.1.2 component. The issue lies within the HTTP POST Request Handler's /api/log/killJob file, where manipulation of the processId argument allows for os command injection. This vulnerability can be exploited remotely, making it a significant security concern. The exploit for this vulnerability, identified as VDB-249086, has been made public, increasing the risk for potential attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share