{"vulnerability": "cve-2023-26213", "sightings": [{"uuid": "d7a86983-ead3-4510-a615-1bd899f9f767", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26213", "type": "seen", "source": "Telegram/-z8EBkexp6XXVXb95uMyjrK3uacHGRoex92QcJDlNWP4IR7p", "content": "", "creation_timestamp": "2025-03-08T04:34:57.000000Z"}, {"uuid": "ccf92813-12b8-4a0b-99af-ba2c9c016e4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26213", "type": "seen", "source": "https://t.me/cibsecurity/59408", "content": "\u203c CVE-2023-26213 \u203c\n\nOn Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-04T00:35:35.000000Z"}, {"uuid": "05b010f2-2c9c-47c6-af6a-37706b7fa487", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26213", "type": "published-proof-of-concept", "source": "Telegram/jPSnhCMejHbvrCa5vv5XjbnfZrfw8rqsp_9peBbwEW64iB8", "content": "", "creation_timestamp": "2023-03-06T18:56:09.000000Z"}, {"uuid": "60eb8e17-451e-489e-a0e9-07263efc5a3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26213", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7875", "content": "#exploit\n1. CVE-2023-26213:\nBarracuda CloudGen WAN OS Command Injection\nhttps://packetstormsecurity.com/files/171235/Barracuda-CloudGen-WAN-OS-Command-Injection.html\n\n2. KeePass2: DLL Hijacking and hooking APIs\nhttps://skr1x.github.io/keepass-dll-hijacking", "creation_timestamp": "2023-03-06T11:00:22.000000Z"}]}