doorGets 7.0 Access Token /api/index.php escalazione di privilegi

voceeditHistoryDiffjsonxmlCTI

Un punto di debole di livello critico è stato rilevato in doorGets 7.0. Interessato da questa vulnerabilità è una funzione sconosciuta del file /api/index.php del componente Access Token Handler. Informazioni riguardo una possibile contromisura non sono al momento disponibili. Si suggerisce di sostituire il prodotto con uno equivalente.

Campo	01/05/2019 13:56	05/06/2020 09:49
cvss3_nvd_ui	N	N
cvss3_nvd_s	U	U
cvss3_nvd_c	H	H
cvss3_nvd_i	H	H
cvss3_nvd_a	H	H
date	1556582400 (30/04/2019)	1556582400 (30/04/2019)
price_0day	$0-$5k	$0-$5k
cve	CVE-2019-11618	CVE-2019-11618
cve_assigned	1556582400	1556582400
cve_nvd_summary	doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php.	doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php.
seealso	134265 134264 134263 134262 134260 134259 134258 134257	134265 134264 134263 134262 134260 134259 134258 134257
cvss2_vuldb_e	ND	ND
cvss2_vuldb_rl	ND	ND
cvss2_vuldb_rc	ND	ND
cvss3_vuldb_e	X	X
cvss3_vuldb_rl	X	X
cvss3_vuldb_rc	X	X
0day_days	1	1
cvss3_nvd_basescore	9.8	9.8
name	doorGets	doorGets
version	7.0	7.0
component	Access Token Handler	Access Token Handler
file	/api/index.php	/api/index.php
input_value	H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9	H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9
cwe	255 (escalazione di privilegi)	255 (escalazione di privilegi)
risk	2	2
historic	0	0
cvss2_vuldb_basescore	6.8	6.8
cvss2_vuldb_tempscore	6.8	6.8
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	M	M
cvss2_vuldb_au	N	N
cvss2_vuldb_ci	P	P
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	P	P
cvss2_nvd_av	N	N
cvss2_nvd_ac	L	L
cvss2_nvd_au	N	N
cvss2_nvd_ci	P	P
cvss2_nvd_ii	P	P
cvss2_nvd_ai	P	P
cvss3_meta_basescore	8.5	8.5
cvss3_meta_tempscore	8.5	8.5
cvss3_vuldb_basescore	7.3	7.3
cvss3_vuldb_tempscore	7.3	7.3
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_pr	N	N
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	L	L
cvss3_vuldb_i	L	L
cvss3_vuldb_a	L	L
cvss3_nvd_av	N	N
cvss3_nvd_ac	L	L
cvss3_nvd_pr	N	N
discoverydate		1556496000

◂ Precedente Visione d'insieme Il prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!