2021-06-03 16:24:08 +00:00
id : CNVD-2019-01348
2021-04-23 13:10:17 +00:00
info :
2021-04-23 13:11:15 +00:00
name : Xiuno BBS CNVD-2019-01348
2021-04-23 13:10:17 +00:00
author : princechaddha
severity : medium
2022-01-26 16:56:44 +00:00
description : Xiuno BBS system has a system reinstallation vulnerability that could allow an attacker to directly reinstall the system through the installation page.
2021-04-23 13:10:17 +00:00
reference : https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
2022-01-04 06:18:14 +00:00
tags : xiuno,cnvd,cnvd2019
2022-01-26 16:56:44 +00:00
remediation : There is currently no patch available.
classification :
cvss-metrics : CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score : 6.5
cwe-id : CWE-276
2021-04-23 13:10:17 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}/install/"
headers :
Accept-Encoding : deflate
2022-01-04 06:16:14 +00:00
2021-04-23 13:10:17 +00:00
matchers-condition : and
matchers :
- type : status
status :
- 200
2022-01-04 06:16:14 +00:00
2021-04-23 13:10:17 +00:00
- type : word
2022-01-04 06:16:14 +00:00
part : body
2021-04-23 13:10:17 +00:00
words :
- "/view/js/xiuno.js"
2022-01-27 19:06:30 +00:00
- "Choose Language (选择语言)"
2021-04-23 13:10:17 +00:00
condition : and
2022-01-26 16:56:44 +00:00
# Enhanced by mp on 2022/01/26
