CVE-2023-7102 Information

Description

Use of a Third Party library produced a vulnerability in Barracuda Networks Inc. Barracuda ESG Appliance which allowed Parameter Injection.This issue affected Barracuda ESG Appliance from 5.1.3.001 through 9.2.1.001 until Barracuda removed the vulnerable logic.

Reference

https://www.barracuda.com/company/legal/esg-vulnerability https://www.cve.org/CVERecord?id=CVE-2023-7101 https://metacpan.org/dist/Spreadsheet-ParseExcel https://github.com/haile01/perl_spreadsheet_excel_rce_poc https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md