daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2018/CVE-2018-9161.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-13 13:14:07 -04:00
parent 7282bcffab
commit 404762182d
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cves/2018/CVE-2018-9161.yaml
View File

@ -4,8 +4,7 @@ info:
name: PrismaWEB - Credentials Disclosure
author: gy741
severity: critical
description: The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be
disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
description: PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php
- https://nvd.nist.gov/vuln/detail/CVE-2018-9161
@ -33,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/05/13