CVE-2023-49102
- Reference to the description:
- Description:
- NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
- Last updated date:
- 08/02/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/01/2023
- Reference url to background