Security Advisory

CVE-2023-49102

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-11-22 00:00:00

Last updated 2024-08-02 21:46:29

Assigner mitre

State PUBLISHED

Description

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs (7za and unrar) preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

← Browse all CVEs View on cve.org ↗