CVE-2023-0669

Description

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.

NVD
Severity: HIGH
CVE ID: CVE-2023-0669
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-0669

Refrence: Project Discovery GitHub

0xf4n9x

CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.

Refrence: GitHub

cataliniovita

CVE-2023-0669 GoAnywhere MFT command injection vulnerability

Refrence: GitHub

Griffin-01

Refrence: GitHub

yosef0x01

CVE analysis for CVE-2023-0669

Refrence: GitHub

Avento

GoAnywhere MFT CVE-2023-0669 LicenseResponseServlet Deserialization Vulnerabilities Python RCE PoC(Proof of Concept)

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept