What is CVE-2023-22855?

CVE-2023-22855 is a vulnerability in N/a. Published 2023-02-15.

Is CVE-2023-22855 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-22855

Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method (Path.Combine from .NET) without proper sanitisati…

EPSS: 0.616 (98.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

vianic/CVE-2023-22855
ARPSyndicate/cvemon
nomi-sec/PoC-in-GitHub
patrickhener/CVE-2023-22855

References

github.com/patrickhener/CVE-2023-22855/blob/main/advisory/advisory.md
20230216 Remote Code Execution in Kardex MLOG (mailing-list)
packetstormsecurity.com/files/171046/Kardex-Mlog-MCC-5.7.12-0-a203c2a213-master…
packetstormsecurity.com/files/171689/Kardex-Mlog-MCC-5.7.12-Remote-Code-Executi…
www.exploit-db.com/exploits/51239

Frequently asked questions

What is CVE-2023-22855?: CVE-2023-22855 is a vulnerability in N/a. Published 2023-02-15.
Is CVE-2023-22855 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.