PictureThisWebServer routes/user.js router.post username/password SQL注入

条目历史差异jsonxmlCTI

在PictureThisWebServer 中曾发现分类为致命的漏洞。此漏洞会影响功能 router.post文件routes/user.js。手动调试的软件参数:username/password不合法输入可导致 SQL注入。漏洞的CWE定义是 CWE-89。此漏洞的脆弱性 2023-01-15公示人身份68b9dc346e88b494df00d88c7d058e96820e1479、所分享。阅读公告的网址是github.com。该漏洞被标识为CVE-2015-10055，成功的攻击必须要先进入局域网。有技术细节可用。没有可利用漏洞。当前漏洞利用的价值为美元大约是$0-$5k 。根据MITRE ATT&CK，此问题部署的攻击技术是T1505。它被宣布为未定义。我们估计的零日攻击价值约为$0-$5k。补丁名称为68b9dc346e88b494df00d88c7d058e96820e1479。错误修复程序下载地址为github.com，建议采用一个补丁来修正此问题。该漏洞被披露后，此前未曾发表过可能的缓解措施。

时间轴

用户

1	47

字段

vulnerability_cvss3_meta_tempscore	2
vulnerability_cvss3_meta_basescore	2
vulnerability_cvss3_cna_basescore	1
vulnerability_cvss3_nvd_basescore	1
vulnerability_cvss2_nvd_basescore	1

Commit Conf

90%	35
70%	26
50%	12

Approve Conf

90%	35
70%	26
80%	12

ID	已提交	用户	字段	更改	备注	已接受	地位	C
13643378	2023-02-07	VulD...	cvss3_cna_basescore	5.5	see CVSS documentation	2023-02-07	已接受	90
13643377	2023-02-07	VulD...	cvss3_nvd_basescore	9.8	nist.gov	2023-02-07	已接受	90
13643376	2023-02-07	VulD...	cvss2_nvd_basescore	5.2	nist.gov	2023-02-07	已接受	90
13643375	2023-02-07	VulD...	cvss3_meta_tempscore	6.9	see CVSS documentation	2023-02-07	已接受	90
13643374	2023-02-07	VulD...	cvss3_meta_basescore	6.9	see CVSS documentation	2023-02-07	已接受	90
13643373	2023-02-07	VulD...	cve_cna	VulDB	nvd.nist.gov	2023-02-07	已接受	70
13643372	2023-02-07	VulD...	cvss3_cna_a	L	nvd.nist.gov	2023-02-07	已接受	70
13643371	2023-02-07	VulD...	cvss3_cna_i	L	nvd.nist.gov	2023-02-07	已接受	70
13643370	2023-02-07	VulD...	cvss3_cna_c	L	nvd.nist.gov	2023-02-07	已接受	70
13643369	2023-02-07	VulD...	cvss3_cna_s	U	nvd.nist.gov	2023-02-07	已接受	70
13643368	2023-02-07	VulD...	cvss3_cna_ui	N	nvd.nist.gov	2023-02-07	已接受	70
13643367	2023-02-07	VulD...	cvss3_cna_pr	L	nvd.nist.gov	2023-02-07	已接受	70
13643366	2023-02-07	VulD...	cvss3_cna_ac	L	nvd.nist.gov	2023-02-07	已接受	70
13643365	2023-02-07	VulD...	cvss3_cna_av	A	nvd.nist.gov	2023-02-07	已接受	70
13643364	2023-02-07	VulD...	cvss2_nvd_ai	P	nvd.nist.gov	2023-02-07	已接受	70
13643363	2023-02-07	VulD...	cvss2_nvd_ii	P	nvd.nist.gov	2023-02-07	已接受	70
13643362	2023-02-07	VulD...	cvss2_nvd_ci	P	nvd.nist.gov	2023-02-07	已接受	70
13643361	2023-02-07	VulD...	cvss2_nvd_au	S	nvd.nist.gov	2023-02-07	已接受	70
13643360	2023-02-07	VulD...	cvss2_nvd_ac	L	nvd.nist.gov	2023-02-07	已接受	70
13643359	2023-02-07	VulD...	cvss2_nvd_av	A	nvd.nist.gov	2023-02-07	已接受	70

53 更多条目未显示

🔒 Login Required

You need to signup and login to see more of the remaining 53 results.

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!