idreamsoft iCMS まで7.0.14 public/api.php 未知の脆弱性

エントリ編集履歴差分jsonxmlCTI

フィールド2019年02月19日 08:132020年05月11日 09:58
cvss3_nvd_prLL
cvss3_nvd_uiRR
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iHH
cvss3_nvd_aNN
date1550448000 (2019年02月18日)1550448000 (2019年02月18日)
price_0day$0-$5k$0-$5k
cveCVE-2019-8902CVE-2019-8902
cve_assigned15504480001550448000
cve_nvd_summaryAn issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
cvss3_nvd_basescore5.75.7
typeContent Management SystemContent Management System
vendoridreamsoftidreamsoft
nameiCMSiCMS
version<=7.0.14<=7.0.14
filepublic/api.php?app=userpublic/api.php?app=user
cwe352 (クロスサイトリクエストフォージェリ)352 (クロスサイトリクエストフォージェリ)
risk11
cvss2_vuldb_basescore4.34.3
cvss2_vuldb_tempscore4.34.3
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss2_nvd_avNN
cvss2_nvd_acMM
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiPP
cvss3_meta_basescore5.05.0
cvss3_meta_tempscore5.05.0
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.34.3
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
cvss3_nvd_avNN
cvss3_nvd_acLL
discoverydate1550448000

Might our Artificial Intelligence support you?

Check our Alexa App!