GeniXCMS 1.1.5 admin.php dbuser/dbhost 跨网站脚本

条目编辑历史差异jsonxmlCTI

字段2020-01-01 11時37分2020-01-01 11時42分
nameGeniXCMSGeniXCMS
version1.1.51.1.5
fileadmin.phpadmin.php
argumentdbuser/dbhostdbuser/dbhost
input_typeParameterParameter
discoverydate15480288001548028800
risk11
cvss2_vuldb_basescore4.34.3
cvss2_vuldb_tempscore4.34.3
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiNN
cvss3_meta_basescore5.25.2
cvss3_meta_tempscore5.25.2
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.34.3
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiRR
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aNN
date1577750400 (2019-12-31)1577750400 (2019-12-31)
price_0day$0-$5k$0-$5k
cveCVE-2018-14476CVE-2018-14476
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
0day_days344344
cvss3_nvd_basescore6.16.1
typeContent Management System
cwe079 (跨网站脚本)
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cve_assigned1532044800
cve_nvd_summaryGeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.

Want to stay up to date on a daily basis?

Enable the mail alert feature now!