Little Apps Little Software Stats prima 0.2 Password Reset class.securelogin.php escalazione di privilegi

È stata rilevata una vulnerabilità di livello critico in Little Apps Little Software Stats. É interessato una funzione sconosciuta del file inc/class.securelogin.php del componente Password Reset Handler. Attraverso la manipolazione di un input sconosciuto per mezzo di una vulerabilità di classe escalazione di privilegi. L'advisory è scaricabile da github.com. Questo punto di criticità è identificato come CVE-2015-10057. L'attacco può partire dalla rete locale. I dettagli tecnici sono conosciuti. È stato dichiarato come non definito. L'aggiornamento alla versione 0.2 elimina questa vulnerabilità. L'aggiornamento è scaricabile da github.com. Il bugfix è scaricabile da github.com. Il miglior modo suggerito per attenuare il problema è aggiornamento all'ultima versione. Una possibile soluzione è stata pubblicata già prima e non dopo la pubblicazione della vulnerabilità.

Campo15/01/2023 18:5507/02/2023 20:1607/02/2023 20:23
vendorLittle AppsLittle AppsLittle Apps
nameLittle Software StatsLittle Software StatsLittle Software Stats
componentPassword Reset HandlerPassword Reset HandlerPassword Reset Handler
fileinc/class.securelogin.phpinc/class.securelogin.phpinc/class.securelogin.php
cwe284 (escalazione di privilegi)284 (escalazione di privilegi)284 (escalazione di privilegi)
risk222
cvss3_vuldb_acHHH
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
identifier07ba8273a9311d1383f3686ac7cb32f20770ab1e07ba8273a9311d1383f3686ac7cb32f20770ab1e07ba8273a9311d1383f3686ac7cb32f20770ab1e
urlhttps://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1ehttps://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1ehttps://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e
nameUpgradeUpgradeUpgrade
upgrade_version0.20.20.2
upgrade_urlhttps://github.com/little-apps/little-software-stats/releases/tag/v0.2https://github.com/little-apps/little-software-stats/releases/tag/v0.2https://github.com/little-apps/little-software-stats/releases/tag/v0.2
patch_name07ba8273a9311d1383f3686ac7cb32f20770ab1e07ba8273a9311d1383f3686ac7cb32f20770ab1e07ba8273a9311d1383f3686ac7cb32f20770ab1e
patch_urlhttps://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1ehttps://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1ehttps://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e
advisoryquotefixed security vulnerability allowing an attacker that knows the username to change the password without an activation keyfixed security vulnerability allowing an attacker that knows the username to change the password without an activation keyfixed security vulnerability allowing an attacker that knows the username to change the password without an activation key
cveCVE-2015-10057CVE-2015-10057CVE-2015-10057
responsibleVulDBVulDBVulDB
date1673737200 (15/01/2023)1673737200 (15/01/2023)1673737200 (15/01/2023)
cvss2_vuldb_acHHH
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_avAAA
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_avAAA
cvss3_vuldb_prLLL
cvss3_vuldb_eXXX
cvss2_vuldb_basescore4.04.04.0
cvss2_vuldb_tempscore3.53.53.5
cvss3_vuldb_basescore4.64.64.6
cvss3_vuldb_tempscore4.44.44.4
cvss3_meta_basescore4.64.66.3
cvss3_meta_tempscore4.44.46.3
price_0day$0-$5k$0-$5k$0-$5k
cve_assigned1673737200 (15/01/2023)1673737200 (15/01/2023)
cve_nvd_summaryA vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. Upgrading to version 0.2 is able to address this issue. The name of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability.A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. Upgrading to version 0.2 is able to address this issue. The name of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avA
cvss2_nvd_acH
cvss2_nvd_auS
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avA
cvss3_cna_acH
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore4.0
cvss3_nvd_basescore9.8
cvss3_cna_basescore4.6

PrecedenteVisione D'insiemeIl prossimo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!