Nakiami Mellivora up to 2.1.x Admin Panel user.inc.php print_user_ip_log $entry['ip'] cross site scripting

A vulnerability was found in Nakiami Mellivora up to 2.1.x and classified as problematic. It affects the function print_user_ip_log of the file include/layout/user.inc.php of the component Admin Panel. Manipulating the argument $entry['ip'] with an unknown input leads to a cross site scripting vulnerability. The advisory can be downloaded from github.com. The vulnerability is identified as CVE-2019-25092. The attack can be carried out over the network. Technical details are known. It was declared as not defined. Upgrading to version 2.2.0 eliminates this vulnerability. The upgrade can be downloaded from github.com. The patch can be downloaded from github.com. The best suggested way to mitigate the problem is to upgrade to the latest version. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 2022-12-28 10:00 | 2023-01-25 15:11 | 2023-01-25 15:18 |
|---|---|---|---|
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | M | M | M |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 3.3 | 3.3 | 3.3 |
| cvss2_vuldb_tempscore | 2.9 | 2.9 | 2.9 |
| cvss3_vuldb_basescore | 2.4 | 2.4 | 2.4 |
| cvss3_vuldb_tempscore | 2.3 | 2.3 | 2.3 |
| cvss3_meta_basescore | 2.4 | 2.4 | 3.2 |
| cvss3_meta_tempscore | 2.3 | 2.3 | 3.2 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| vendor | Nakiami | Nakiami | Nakiami |
| name | Mellivora | Mellivora | Mellivora |
| version | <=2.1.x | <=2.1.x | <=2.1.x |
| component | Admin Panel | Admin Panel | Admin Panel |
| file | include/layout/user.inc.php | include/layout/user.inc.php | include/layout/user.inc.php |
| function | print_user_ip_log | print_user_ip_log | print_user_ip_log |
| argument | $entry['ip'] | $entry['ip'] | $entry['ip'] |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | H | H | H |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| identifier | e0b6965f8dde608a3d2621617c05695eb406cbb9 | e0b6965f8dde608a3d2621617c05695eb406cbb9 | e0b6965f8dde608a3d2621617c05695eb406cbb9 |
| url | https://github.com/Nakiami/mellivora/commit/e0b6965f8dde608a3d2621617c05695eb406cbb9 | https://github.com/Nakiami/mellivora/commit/e0b6965f8dde608a3d2621617c05695eb406cbb9 | https://github.com/Nakiami/mellivora/commit/e0b6965f8dde608a3d2621617c05695eb406cbb9 |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 2.2.0 | 2.2.0 | 2.2.0 |
| upgrade_url | https://github.com/Nakiami/mellivora/releases/tag/v2.2.0 | https://github.com/Nakiami/mellivora/releases/tag/v2.2.0 | https://github.com/Nakiami/mellivora/releases/tag/v2.2.0 |
| patch_name | e0b6965f8dde608a3d2621617c05695eb406cbb9 | e0b6965f8dde608a3d2621617c05695eb406cbb9 | e0b6965f8dde608a3d2621617c05695eb406cbb9 |
| patch_url | https://github.com/Nakiami/mellivora/commit/e0b6965f8dde608a3d2621617c05695eb406cbb9 | https://github.com/Nakiami/mellivora/commit/e0b6965f8dde608a3d2621617c05695eb406cbb9 | https://github.com/Nakiami/mellivora/commit/e0b6965f8dde608a3d2621617c05695eb406cbb9 |
| cve | CVE-2019-25092 | CVE-2019-25092 | CVE-2019-25092 |
| responsible | VulDB | VulDB | VulDB |
| date | 1672182000 (2022-12-28) | 1672182000 (2022-12-28) | 1672182000 (2022-12-28) |
| cvss2_vuldb_av | N | N | N |
| cve_assigned | | 1672182000 (2022-12-28) | 1672182000 (2022-12-28) |
| cve_nvd_summary | | A vulnerability classified as problematic was found in Nakiami Mellivora up to 2.1.x. Affected by this vulnerability is the function print_user_ip_log of the file include/layout/user.inc.php of the component Admin Panel. The manipulation of the argument $entry['ip'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is e0b6965f8dde608a3d2621617c05695eb406cbb9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216955. | A vulnerability classified as problematic was found in Nakiami Mellivora up to 2.1.x. Affected by this vulnerability is the function print_user_ip_log of the file include/layout/user.inc.php of the component Admin Panel. The manipulation of the argument $entry['ip'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is e0b6965f8dde608a3d2621617c05695eb406cbb9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216955. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | H |
| cvss3_nvd_ui | | | R |
| cvss3_nvd_s | | | C |
| cvss3_nvd_c | | | L |
| cvss3_nvd_i | | | L |
| cvss3_nvd_a | | | N |
| cvss3_cna_av | | | N |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | H |
| cvss3_cna_ui | | | R |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | N |
| cvss3_cna_i | | | L |
| cvss3_cna_a | | | N |
| cve_cna | | | VulDB |
| cvss3_nvd_basescore | | | 4.8 |
| cvss3_cna_basescore | | | 2.4 |
