Domoticz prior 4.10579 End of Line Argument crlf injection

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Domoticz and classified as critical. This issue affects an unknown code of the component End of Line Handler. Upgrading to version 4.10579 eliminates this vulnerability.

Field	04/01/2019 08:13 AM	05/23/2020 10:44 AM
name	Domoticz	Domoticz
component	End of Line Handler	End of Line Handler
input_type	Argument	Argument
cwe	93 (privilege escalation)	93 (privilege escalation)
cvss2_vuldb_basescore	5.0	5.0
cvss2_vuldb_tempscore	4.4	4.4
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	N	N
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	N	N
cvss2_nvd_av	N	N
cvss2_nvd_ac	L	L
cvss2_nvd_au	N	N
cvss2_nvd_ci	N	N
cvss2_nvd_ii	P	P
cvss2_nvd_ai	N	N
cvss3_meta_basescore	7.5	7.5
cvss3_meta_tempscore	7.2	7.2
cvss3_vuldb_basescore	7.5	7.5
cvss3_vuldb_tempscore	7.2	7.2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	N	N
cvss3_vuldb_i	H	H
cvss3_vuldb_a	N	N
cvss3_nvd_av	N	N
cvss3_nvd_ac	L	L
cvss3_nvd_pr	N	N
cvss3_nvd_ui	N	N
cvss3_nvd_s	U	U
cvss3_nvd_c	N	N
cvss3_nvd_i	H	H
cvss3_nvd_a	N	N
date	1553990400 (03/31/2019)	1553990400 (03/31/2019)
price_0day	$0-$5k	$0-$5k
name	Upgrade	Upgrade
upgrade_version	4.10579	4.10579
cve	CVE-2019-10678	CVE-2019-10678
cve_assigned	1553990400	1553990400
cve_nvd_summary	Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.	Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
seealso	132644	132644
risk	2	2
location	Website	Website
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_rc	ND	ND
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	X	X
0day_days	2	2
cvss3_nvd_basescore	7.5	7.5
discoverydate		1553817600
url		https://www.exploit-db.com/exploits/46773/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!