CVE-2023-38995
9.8CRITICALAn issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.
Published: 2/7/2024Updated: 5/15/2025
Description
An issue in SCHUHFRIED v.8.22.00 allows remote attacker to obtain the database password via crafted curl command.
AI AnalysisPowered by AI
Affected Products
schuhfriedschuhfried
References
- https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-38995-Schuhfried-Preauth-PrivEsc.pdfExploitTechnical DescriptionThird Party Advisory
- https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-38995-Schuhfried-Preauth-PrivEsc.pdfExploitTechnical DescriptionThird Party Advisory