National Cyber Warfare Foundation (NCWF)

DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution


2023-09-22 14:46:09
milo
Blue Team (CND)


Overview: On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal and HTTP request tunneling. As part of our standard operating procedure, we performed a diff of the issued patch to identify potential bypasses […]


The post DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution appeared first on Praetorian.


The post DoubleQlik: Bypassing the Fix for CVE-2023-41265 to Achieve Unauthenticated Remote Code Execution appeared first on Security Boulevard.



emmaline

Source: Security Boulevard
Source Link: https://securityboulevard.com/2023/09/doubleqlik-bypassing-the-fix-for-cve-2023-41265-to-achieve-unauthenticated-remote-code-execution/





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.