Domoticz prior 4.10579 End of Line Argument crlf injection

entryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Domoticz and classified as critical. This issue affects an unknown code of the component End of Line Handler. Upgrading to version 4.10579 eliminates this vulnerability.

Field04/01/2019 08:13 AM05/23/2020 10:44 AM
nameDomoticzDomoticz
componentEnd of Line HandlerEnd of Line Handler
input_typeArgumentArgument
cwe93 (privilege escalation)93 (privilege escalation)
cvss2_vuldb_basescore5.05.0
cvss2_vuldb_tempscore4.44.4
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiNN
cvss3_meta_basescore7.57.5
cvss3_meta_tempscore7.27.2
cvss3_vuldb_basescore7.57.5
cvss3_vuldb_tempscore7.27.2
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iHH
cvss3_vuldb_aNN
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iHH
cvss3_nvd_aNN
date1553990400 (03/31/2019)1553990400 (03/31/2019)
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
upgrade_version4.105794.10579
cveCVE-2019-10678CVE-2019-10678
cve_assigned15539904001553990400
cve_nvd_summaryDomoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.
seealso132644132644
risk22
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcXX
0day_days22
cvss3_nvd_basescore7.57.5
discoverydate1553817600
urlhttps://www.exploit-db.com/exploits/46773/

Might our Artificial Intelligence support you?

Check our Alexa App!