2021-06-03 16:24:08 +00:00
id : CNVD-2019-01348
2021-04-23 13:10:17 +00:00
info :
2021-04-23 13:11:15 +00:00
name : Xiuno BBS CNVD-2019-01348
2021-04-23 13:10:17 +00:00
author : princechaddha
2022-02-15 06:09:56 +00:00
severity : high
description : The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
2022-04-22 10:38:41 +00:00
reference :
- https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
2022-01-28 05:42:09 +00:00
classification :
2022-02-15 06:09:56 +00:00
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score : 7.5
cwe-id : CWE-284
2022-04-22 10:38:41 +00:00
remediation : Upgrade to the latest version of Xiuno BBS or switch to a supported product.
tags : xiuno,cnvd,cnvd2019
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2021-04-23 13:10:17 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-04-23 13:10:17 +00:00
- method : GET
path :
- "{{BaseURL}}/install/"
headers :
Accept-Encoding : deflate
2022-01-04 06:16:14 +00:00
2021-04-23 13:10:17 +00:00
matchers-condition : and
matchers :
- type : status
status :
- 200
2022-01-04 06:16:14 +00:00
2021-04-23 13:10:17 +00:00
- type : word
2022-01-04 06:16:14 +00:00
part : body
2021-04-23 13:10:17 +00:00
words :
- "/view/js/xiuno.js"
2022-01-27 19:06:30 +00:00
- "Choose Language (选择语言)"
2021-04-23 13:10:17 +00:00
condition : and
2022-01-26 16:56:44 +00:00
# Enhanced by mp on 2022/01/26