Critical severity9.1NVD Advisory· Published Aug 14, 2023· Updated Jun 17, 2026
CVE-2023-3267
CVE-2023-3267
Description
When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: v2.6.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.