Back to KEVs

CVE-2023-28343

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 14, 2023
Published Date
March 14, 2023
Last Updated
February 27, 2025
Vendor
n/a
Product
n/a
Description
OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
none
Technical Impact
partial

Exploit Status

Proof of Concept Available
Yes (added 2023-03-23 15:19:02 UTC) Source

References

https://github.com/ahmedalroky/Disclosures/blob/main/apesystems/os_command_injection.md https://apsystems.com http://packetstormsecurity.com/files/171775/Altenergy-Power-Control-Software-C1.2.5-Command-Injection.html

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-07-07 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-28343.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

superzerosec/CVE-2023-28343

Type: github • Created: 2023-03-23 15:19:02 UTC • Stars: 8

CVE-2023-28343 POC exploit

gobysec/CVE-2023-28343

Type: github • Created: 2023-03-21 11:41:36 UTC • Stars: 6

Altenergy Power System Control Software set_timezone RCE Vulnerability (CVE-2023-28343)

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel