CVE-2023-0669
Description
Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2.
Severity: HIGH
CVE ID: CVE-2023-0669
CVSS Score: 7.2
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2023-0669
Refrence: Project Discovery GitHub
0xf4n9x
CVE-2023-0669 GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object.
Refrence: GitHub
cataliniovita
CVE-2023-0669 GoAnywhere MFT command injection vulnerability
Refrence: GitHub
Griffin-01
Refrence: GitHub
yosef0x01
CVE analysis for CVE-2023-0669
Refrence: GitHub
Avento
GoAnywhere MFT CVE-2023-0669 LicenseResponseServlet Deserialization Vulnerabilities Python RCE PoC(Proof of Concept)
Refrence: GitHub