Today, exploit attempts for %%cve:2023-22518%% cross the “significant” threshold for our “First Seen URLs” list. The URL being accessed, “/json/setup-restore.action?synchronous=true”, can be used to bypass authentication [1]. Due to a failure to properly control access to this path, the attacker can execute the “setup-restore” feature, which restores the database using attacker-supplied data and can lead to system command execution.
Article Link: https://isc.sans.edu/diary/rss/30502