CVE-2023-31465

Basic Information

CVE State
PUBLISHED
Reserved Date
April 28, 2023
Published Date
July 26, 2023
Last Updated
October 23, 2024
Vendor
FSMLabs
Product
TimeKeeper
Description
An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score
89.40% (Percentile: 99.52%) as of 2025-06-14

SSVC Information

Exploitation
poc
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-05-30 00:00:00 UTC)

Known Exploited Vulnerability Information

Source
The Shadowserver (via CIRCL)
Added Date
2025-05-31 12:00:41 UTC

Scanner Integrations

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Added to KEVIntel