CVE-2023-46344
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-46344
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_smartenergy_swgroups in the web portal. The vulnerability can be exploited to gain the rights of an installer or PM, which can then be used to gain administrative access to the web portal and execute further attacks. NOTE: The vendor states that this vulnerability has been fixed with 3.0.0-60 11.10.2013 for SL 200, 500, 1000 / not existing for SL 250, 300, 1200, 2000, SL 50 Gateway, SL Base.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Solar-Log GmbH Base 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Solar-Log GmbH是德国Solar-Log公司的一个用于监控光伏电站的数据记录器。 Solar-Log GmbH Base 15 6.0.1 Build 161固件版本存在跨站脚本漏洞,该漏洞源于允许攻击者利用 Web 门户中的switch group函数提升其权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2023-46344
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | None | https://github.com/vinnie1717/CVE-2023-46344 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-46344
请登录查看更多情报信息。
Same Patch Batch · n/a · 2024-02-02 · 33 CVEs total
| CVE-2024-22779 | 8.8 HIGH | ServerRPExposer 安全漏洞 |
| CVE-2024-21485 | 6.5 MEDIUM | Dash 安全漏洞 |
| CVE-2024-1198 | 6.3 MEDIUM | openBI Phar User.php addxinzhi deserialization |
| CVE-2024-1189 | 5.3 MEDIUM | AMPPS Encryption Passphrase denial of service |
| CVE-2024-1193 | 3.3 LOW | Navicat MySQL Conecction denial of service |
| CVE-2023-48645 | ARCHIBUS 安全漏洞 | |
| CVE-2024-25006 | XenForo 安全漏洞 | |
| CVE-2023-50488 | Blurams Lumi Security Camera 安全漏洞 | |
| CVE-2023-51072 | Nagios XI 安全漏洞 | |
| CVE-2023-51820 | Blurams Lumi Security Camera 安全漏洞 | |
| CVE-2024-24388 | XunRuiCMS 安全漏洞 | |
| CVE-2023-51838 | MeshCentral 安全漏洞 | |
| CVE-2024-22107 | GTB Central Console 安全漏洞 | |
| CVE-2024-22108 | GTB Central Console 安全漏洞 | |
| CVE-2024-24029 | JFinalCMS 安全漏洞 | |
| CVE-2024-24160 | MRCMS 安全漏洞 | |
| CVE-2024-24161 | MRCMS 安全漏洞 | |
| CVE-2024-24470 | flusity CMS 安全漏洞 | |
| CVE-2023-39611 | Software FX Chart FX 安全漏洞 | |
| CVE-2024-24524 | flusity CMS 安全漏洞 |
Showing top 20 of 33 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2023-46344
No comments yet