code-projects Fighting Cock Information System 1.0 update_mother.php age_mother SQL注入

CVSS 元温度得分当前攻击价格 (≈)CTI兴趣分数
7.3$0-$5k0.04

一览

分类为致命的漏洞已在code-projects Fighting Cock Information System 1.0中发现。 此漏洞会影响某些未知进程文件admin/action/update_mother.php。 手动调试的软件参数:age_mother不合法输入可导致 SQL注入。 漏洞的CWE定义是 CWE-89。 此漏洞的脆弱性 2024-01-12所分享。 分享公告的网址是github.com。 该漏洞被标识为CVE-2024-0484, 远程可以启动攻击, 有技术细节可用。 此外还有一个漏洞可利用。 该漏洞利用已公开,可能会被利用。 当前漏洞利用价值为美元大约是 $0-$5k。 MITRE ATT&CK项目使用攻击技术T1505来解决该问题。 它被宣布为proof-of-concept。 以下网址提供该漏洞利用:github.com。 我们估计的零日攻击价值约为$0-$5k。 该漏洞被披露后,此前未曾发表过可能的缓解措施。 [细节]

IOB - Indicator of Behavior (1100)

时间轴

语言

en1032
de16
fr12
ru10
ar8

国家/地区

gb148
us56
de40
se16
it14

演员

活动

IOC - Indicator of Compromise (21)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

IDIP range参与者类型可信度
13.72.0.0/24Sliverpredictive
23.75.210.0/24Cobalt Strikepredictive
35.39.30.0/24Silencepredictive
4XX.XXX.XX.X/XXXxxxxxx Xxxxxxxpredictive
5XX.XXX.XX.X/XXXxxxxx Xxxxxxpredictive
6XX.XX.XXX.X/XXXxxxxpredictive
7XX.XX.XXX.X/XXXxxxxx Xxxpredictive
8XX.XX.XXX.X/XXXxxxxxxxpredictive
9XX.XX.XXX.X/XXXxxxxxxpredictive
10XX.XXX.XX.X/XXXxxxxx Xxxxxxpredictive
11XXX.XXX.XX.X/XXXxxxxxpredictive
12XXX.XXX.XX.X/XXXxxxxx Xxxxxxpredictive
13XXX.XXX.XXX.X/XXXxxxpredictive
14XXX.XXX.XX.X/XXXxxxxxx Xxxxxxpredictive
15XXX.XXX.XXX.X/XXXxxxxx Xxxpredictive
16XXX.XX.XXX.X/XXXxxxxxxxxpredictive
17XXX.XXX.XX.X/XXXxx-x-xxpredictive
18XXX.XX.XXX.X/XXXxxxxxpredictive
19XXX.XXX.XXX.X/XXXxxxxxxpredictive
20XXX.XXX.XXX.X/XXXxxxxpredictive
21XXX.XXX.XXX.X/XXXxxxxxx Xxxxxxxpredictive

TTP - Tactics, Techniques, Procedures (1)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique分类漏洞访问向量类型可信度
1T1505CAPEC-108CWE-89SQL Injectionverified

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID分类Indicator类型可信度
1Fileadmin/action/update_mother.phpverified
2Argumentxxx_xxxxxxverified

Do you want to use VulDB in your project?

Use the official API to access entries easily!