{"id":"CVE-2023-30261","details":"Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request.","modified":"2026-03-14T12:06:40.346601Z","published":"2023-06-26T14:15:10.223Z","references":[{"type":"REPORT","url":"https://github.com/snaptec/openWB/issues/2672"},{"type":"FIX","url":"https://github.com/snaptec/openWB/pull/2673"},{"type":"EVIDENCE","url":"https://eldstal.se/advisories/230329-openwb.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/snaptec/openwb","events":[{"introduced":"0"},{"last_affected":"3e86e400937b8e22489705c80e49b5efa027ff87"},{"introduced":"0"},{"last_affected":"a311a87906b40a4354ac9c0b9714b6378c1b967e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.6"},{"introduced":"0"},{"last_affected":"1.7"}]}}],"versions":["0.1","0.12","0.14","0.15","0.2","0.40","0.99","1.0","1.6","1.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30261.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}