Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.
PoC: CVE-2023-1671
Pre-Auth RCE in Sophos Web Appliance
PoC: CVE-2023-1671-POC
CVE-2023-1671 POC in python
PoC: cve-2023-1671
Exploit to cve-2023-1671. So there is a test and exploitation function. The test sends a ping request to the dnslog domain from the vulnerable site. If the ping passes, the vulnerability exists, if it doesn't, then cve-2023-1671 is missing. The exploit function, on the other hand, sends a request with your command to the server.
PoC: CVE-2023-1671-POC
CVE-2023-1671-POC, based on dnslog platform
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free