Vendor: Provide Server
By: Andreas Finstad
CVSS: 6.1 (MEDIUM)
XSS - CSRF & Remote Code Execution (RCE)
CWE: 79
Product Name: Provide Server
Affected Version From: < 14.4.1.29
Affected Version To: 14.4.1.29
Patch Exists: YES
Related CVE: CVE-2023-23286
CPE: a:provide_server:provide_server:14.4
Metasploit:
Other Scripts:
Platforms Tested: Windows Server 2022
2023

Provide Server v.14.4 XSS – CSRF & Remote Code Execution (RCE)

Provide Server v.14.4 is vulnerable to XSS, CSRF and Remote Code Execution (RCE). An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable server. This payload can be used to execute arbitrary code on the server, allowing the attacker to gain access to sensitive information or take control of the server.

Mitigation:

Upgrade to version 14.4.1.29 or later to mitigate this vulnerability.

Exploit-DB raw data:

# Exploit Title: Provide Server v.14.4 XSS - CSRF & Remote Code Execution (RCE)
# Date: 2023-02-10
# Exploit Author: Andreas Finstad
# Version: < 14.4.1.29 
# Tested on: Windows Server 2022
# CVE : CVE-2023-23286
POC:

https://f20.be/blog/provide-server-14-4