# Nuclei template: reports a Xiuno BBS installer page that is still reachable
# over HTTP after installation (CNVD-2019-01348).
# NOTE(review): the trailing `# digest:` line is a signature over this
# template; any edit, including these comments, presumably requires the
# template to be re-signed before signature verification passes again.
id: CNVD-2019-01348

info:
  name: Xiuno BBS CNVD-2019-01348
  author: princechaddha
  severity: high
  description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
  # NOTE(review): the description attributes the issue to the install
  # directory being left unprotected, so removing or restricting access to
  # /install/ after setup looks like the direct mitigation; confirm against
  # vendor guidance.
  remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product.
  reference:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
  classification:
    # NOTE(review): the vector scores availability impact only
    # (C:N/I:N/A:H), while the description says the system can be
    # reinstalled; confirm the scoring against the CNVD entry.
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cwe-id: CWE-284
  metadata:
    # One path with one method below, so one request per target.
    max-request: 1
  tags: cnvd2019,cnvd,xiuno

http:
  # Single GET of the installer path; no request body or form data is sent,
  # so the check only reads the page.
  - method: GET
    path:
      - "{{BaseURL}}/install/"

    headers:
      Accept-Encoding: deflate

    # Both matchers below must succeed for the template to report a finding.
    matchers-condition: and
    matchers:
      # The installer path must answer with HTTP 200.
      - type: status
        status:
          - 200

      # Both strings must be present in the response body (condition: and):
      # the Xiuno script path and the language-selection prompt, presumably
      # the installer's first screen.
      # NOTE(review): a match shows the page is served; whether the installer
      # would actually proceed is not tested here.
      - type: word
        part: body
        words:
          - "/view/js/xiuno.js"
          - "Choose Language (选择语言)"
        condition: and
# digest: 4a0a00473045022100959d6311297cf34b821727b43add5b66abf2e750bbec768cca9805208a9f21d502206eb3cc0c3c4f895f712e60b98e8a360a02f92e3d7cb46cbf5d7ef7064217ab43:922c64590222798bb761d5b6d8e72950