Th3-822 Rapidleech classes/options/zip.php zip_go archive cross site scripting

A vulnerability classified as problematic has been found in Th3-822 Rapidleech. It affects the function zip_go in the file classes/options/zip.php. Manipulation of the argument archive leads to cross-site scripting (CWE-79). The attack can be initiated remotely. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

The weakness was published 01/13/2023 as 885a87ea4ee5e14fa95801eca255604fb2e138c6, and the advisory is available at github.com. The vulnerability is uniquely identified as CVE-2021-4312. Technical details are available. There is no exploit available. The pricing for an exploit might be around USD $0-$5k at the moment, and we expect the 0-day to have been worth approximately $0-$5k. According to MITRE ATT&CK, the attack technique deployed by this issue is T1059.007. It is declared as not defined.

The patch is named 885a87ea4ee5e14fa95801eca255604fb2e138c6 and is ready for download at github.com. It is recommended to apply the patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 02/07/2023 07:30 | 02/07/2023 07:35 | 02/07/2023 07:41 |
| --- | --- | --- | --- |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 4.0 | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 3.5 | 3.5 | 3.5 |
| cvss3_vuldb_basescore | 3.5 | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.4 | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.5 | 4.4 | 4.4 |
| cvss3_meta_tempscore | 3.4 | 4.3 | 4.3 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| vendor | Th3-822 | Th3-822 | Th3-822 |
| name | Rapidleech | Rapidleech | Rapidleech |
| file | classes/options/zip.php | classes/options/zip.php | classes/options/zip.php |
| function | zip_go | zip_go | zip_go |
| argument | archive | archive | archive |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| identifier | 885a87ea4ee5e14fa95801eca255604fb2e138c6 | 885a87ea4ee5e14fa95801eca255604fb2e138c6 | 885a87ea4ee5e14fa95801eca255604fb2e138c6 |
| url | https://github.com/Th3-822/rapidleech/commit/885a87ea4ee5e14fa95801eca255604fb2e138c6 | https://github.com/Th3-822/rapidleech/commit/885a87ea4ee5e14fa95801eca255604fb2e138c6 | https://github.com/Th3-822/rapidleech/commit/885a87ea4ee5e14fa95801eca255604fb2e138c6 |
| name | Patch | Patch | Patch |
| patch_name | 885a87ea4ee5e14fa95801eca255604fb2e138c6 | 885a87ea4ee5e14fa95801eca255604fb2e138c6 | 885a87ea4ee5e14fa95801eca255604fb2e138c6 |
| patch_url | https://github.com/Th3-822/rapidleech/commit/885a87ea4ee5e14fa95801eca255604fb2e138c6 | https://github.com/Th3-822/rapidleech/commit/885a87ea4ee5e14fa95801eca255604fb2e138c6 | https://github.com/Th3-822/rapidleech/commit/885a87ea4ee5e14fa95801eca255604fb2e138c6 |
| advisoryquote | Fixed XSS on classes/options/zip.php | Fixed XSS on classes/options/zip.php | Fixed XSS on classes/options/zip.php |
| cve | CVE-2021-4312 | CVE-2021-4312 | CVE-2021-4312 |
| responsible | VulDB | VulDB | VulDB |
| eol | 1 | 1 | 1 |
| date | 1673564400 (01/13/2023) | 1673564400 (01/13/2023) | 1673564400 (01/13/2023) |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | N | N | N |
| cve_assigned | 1673564400 (01/13/2023) | 1673564400 (01/13/2023) | 1673564400 (01/13/2023) |
| cve_nvd_summary | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Th3-822 Rapidleech. This affects the function zip_go of the file classes/options/zip.php. The manipulation of the argument archive leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 885a87ea4ee5e14fa95801eca255604fb2e138c6. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218295. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
| cvss3_nvd_av | | N | N |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | N | N |
| cvss3_nvd_ui | | R | R |
| cvss3_nvd_s | | C | C |
| cvss3_nvd_c | | L | L |
| cvss3_nvd_i | | L | L |
| cvss3_nvd_a | | N | N |
| cvss2_nvd_av | | N | N |
| cvss2_nvd_ac | | L | L |
| cvss2_nvd_au | | S | S |
| cvss2_nvd_ci | | N | N |
| cvss2_nvd_ii | | P | P |
| cvss2_nvd_ai | | N | N |
| cvss3_cna_av | | N | N |
| cvss3_cna_ac | | L | L |
| cvss3_cna_pr | | L | L |
| cvss3_cna_ui | | R | R |
| cvss3_cna_s | | U | U |
| cvss3_cna_c | | N | N |
| cvss3_cna_i | | L | L |
| cvss3_cna_a | | N | N |
| cve_cna | | VulDB | VulDB |
| cvss2_nvd_basescore | | 4.0 | 4.0 |
| cvss3_nvd_basescore | | 6.1 | 6.1 |
| cvss3_cna_basescore | | 3.5 | 3.5 |
