Little Apps Little Software Stats antes de 0.2 Password Reset class.securelogin.php direitos alargados

EntradaHistóriaDiffjsonxmlCTI

Uma vulnerabilidade, que foi classificada como crítico, foi encontrada em Little Apps Little Software Stats. Afectado é uma função desconhecida do ficheiro inc/class.securelogin.php do componente Password Reset Handler. A manipulação com uma entrada desconhecida leva a direitos alargados. A definição de CWE para a vulnerabilidade é CWE-284. O aconselhamento é partilhado para download em github.com. A vulnerabilidade é identificada como CVE-2015-10057. O ataque pode ser feito a partir da rede local. Os detalhes técnicos estão disponíveis. Não há nenhuma exploração disponível. O projecto MITRE ATT&CK utiliza a técnica de ataque T1068 para esta edição. É declarado como não definido. Esperamos que o dia 0 tenha valido aproximadamente $0-$5k. A actualização para a versão 0.2 é capaz de abordar esta questão. A versão actualizada está pronta para ser descarregada em github.com. O nome do adesivo é 07ba8273a9311d1383f3686ac7cb32f20770ab1e. O bugfix está pronto para download em github.com. Recomenda-se a actualização do componente afectado.

Campo	15/01/2023 18h55	07/02/2023 20h16	07/02/2023 20h23
vendor	Little Apps	Little Apps	Little Apps
name	Little Software Stats	Little Software Stats	Little Software Stats
component	Password Reset Handler	Password Reset Handler	Password Reset Handler
file	inc/class.securelogin.php	inc/class.securelogin.php	inc/class.securelogin.php
cwe	284 (direitos alargados)	284 (direitos alargados)	284 (direitos alargados)
risk	2	2	2
cvss3_vuldb_ac	H	H	H
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
identifier	07ba8273a9311d1383f3686ac7cb32f20770ab1e	07ba8273a9311d1383f3686ac7cb32f20770ab1e	07ba8273a9311d1383f3686ac7cb32f20770ab1e
url	https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e	https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e	https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e
name	Actualização	Actualização	Actualização
upgrade_version	0.2	0.2	0.2
upgrade_url	https://github.com/little-apps/little-software-stats/releases/tag/v0.2	https://github.com/little-apps/little-software-stats/releases/tag/v0.2	https://github.com/little-apps/little-software-stats/releases/tag/v0.2
patch_name	07ba8273a9311d1383f3686ac7cb32f20770ab1e	07ba8273a9311d1383f3686ac7cb32f20770ab1e	07ba8273a9311d1383f3686ac7cb32f20770ab1e
patch_url	https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e	https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e	https://github.com/little-apps/little-software-stats/commit/07ba8273a9311d1383f3686ac7cb32f20770ab1e
advisoryquote	fixed security vulnerability allowing an attacker that knows the username to change the password without an activation key	fixed security vulnerability allowing an attacker that knows the username to change the password without an activation key	fixed security vulnerability allowing an attacker that knows the username to change the password without an activation key
cve	CVE-2015-10057	CVE-2015-10057	CVE-2015-10057
responsible	VulDB	VulDB	VulDB
date	1673737200 (15/01/2023)	1673737200 (15/01/2023)	1673737200 (15/01/2023)
cvss2_vuldb_ac	H	H	H
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5	3.5
cvss3_vuldb_basescore	4.6	4.6	4.6
cvss3_vuldb_tempscore	4.4	4.4	4.4
cvss3_meta_basescore	4.6	4.6	6.3
cvss3_meta_tempscore	4.4	4.4	6.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673737200 (15/01/2023)	1673737200 (15/01/2023)
cve_nvd_summary		A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. Upgrading to version 0.2 is able to address this issue. The name of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability.	A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. Upgrading to version 0.2 is able to address this issue. The name of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			H
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			H
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			4.0
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			4.6

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!