mosbth cimage 直到0.7.18 check_system.php $_SERVER['SERVER_SOFTWARE'] 跨网站脚本

条目历史差异jsonxmlCTI

在mosbth cimage 直到0.7.18中曾发现一漏洞, 此漏洞被申报为棘手。受此漏洞影响的是未知功能文件：check_system.php。手动调试的软件参数:$_SERVER['SERVER_SOFTWARE']不合法输入可导致跨网站脚本。漏洞的CWE定义是 CWE-79。此漏洞的脆弱性 2023-01-28公示人身份401478c8393989836beeddfeac5ce44570af162b、所公布。阅读公告的网址是github.com。该漏洞被称作为CVE-2016-15022，可以发起远程攻击，有技术细节可用。没有可利用漏洞。当前漏洞利用的价值为美元大约是$0-$5k 。根据MITRE ATT&CK，此问题部署的攻击技术是T1059.007。它被宣布为未定义。我们估计的零日攻击价值约为$0-$5k。升级到版本0.7.19能够解决此问题。更新版本下载地址为 github.com。补丁名称为401478c8393989836beeddfeac5ce44570af162b。错误修复程序下载地址为github.com，建议对受到影响的组件升级。该漏洞被披露后，远在此前发表过可能的缓解措施。

字段	2023-01-28 19時55分	2023-02-25 08時41分
vendor	mosbth	mosbth
name	cimage	cimage
version	<=0.7.18	<=0.7.18
file	check_system.php	check_system.php
argument	$_SERVER['SERVER_SOFTWARE']	$_SERVER['SERVER_SOFTWARE']
cwe	79 (跨网站脚本)	79 (跨网站脚本)
risk	1	1
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	H	H
cvss3_vuldb_pr	H	H
cvss3_vuldb_ui	R	R
cvss3_vuldb_s	U	U
cvss3_vuldb_c	N	N
cvss3_vuldb_i	L	L
cvss3_vuldb_a	N	N
cvss3_vuldb_rl	O	O
cvss3_vuldb_rc	C	C
identifier	401478c8393989836beeddfeac5ce44570af162b	401478c8393989836beeddfeac5ce44570af162b
url	https://github.com/mosbth/cimage/commit/401478c8393989836beeddfeac5ce44570af162b	https://github.com/mosbth/cimage/commit/401478c8393989836beeddfeac5ce44570af162b
name	升级	升级
upgrade_version	0.7.19	0.7.19
upgrade_url	https://github.com/mosbth/cimage/releases/tag/v0.7.19	https://github.com/mosbth/cimage/releases/tag/v0.7.19
patch_name	401478c8393989836beeddfeac5ce44570af162b	401478c8393989836beeddfeac5ce44570af162b
patch_url	https://github.com/mosbth/cimage/commit/401478c8393989836beeddfeac5ce44570af162b	https://github.com/mosbth/cimage/commit/401478c8393989836beeddfeac5ce44570af162b
advisoryquote	Correct XSS injection in check_system.php.	Correct XSS injection in check_system.php.
cve	CVE-2016-15022	CVE-2016-15022
responsible	VulDB	VulDB
date	1674860400 (2023-01-28)	1674860400 (2023-01-28)
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	H	H
cvss2_vuldb_au	M	M
cvss2_vuldb_ci	N	N
cvss2_vuldb_ii	P	P
cvss2_vuldb_ai	N	N
cvss2_vuldb_rc	C	C
cvss2_vuldb_rl	OF	OF
cvss2_vuldb_e	ND	ND
cvss3_vuldb_e	X	X
cvss2_vuldb_basescore	1.7	1.7
cvss2_vuldb_tempscore	1.5	1.5
cvss3_vuldb_basescore	2.0	2.0
cvss3_vuldb_tempscore	1.9	1.9
cvss3_meta_basescore	2.0	3.4
cvss3_meta_tempscore	1.9	3.3
price_0day	$0-$5k	$0-$5k
cve_assigned		1674860400 (2023-01-28)
cve_nvd_summary		A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715.
cvss3_nvd_av		N
cvss3_nvd_ac		L
cvss3_nvd_pr		N
cvss3_nvd_ui		R
cvss3_nvd_s		C
cvss3_nvd_c		L
cvss3_nvd_i		L
cvss3_nvd_a		N
cvss2_nvd_av		N
cvss2_nvd_ac		H
cvss2_nvd_au		M
cvss2_nvd_ci		N
cvss2_nvd_ii		P
cvss2_nvd_ai		N
cvss3_cna_av		N
cvss3_cna_ac		H
cvss3_cna_pr		H
cvss3_cna_ui		R
cvss3_cna_s		U
cvss3_cna_c		N
cvss3_cna_i		L
cvss3_cna_a		N
cve_cna		VulDB
cvss2_nvd_basescore		1.7
cvss3_nvd_basescore		6.1
cvss3_cna_basescore		2.0

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!