Add remediation information to CVE-2021-40539 and CVE-2021-44427 (#3237)
* Added remediation to CVE-2021-40539
* Added remediation to CVE-2021-44427

Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>

patch-1
parent
40d7678327
commit
854b464b1d
|
@ -4,7 +4,8 @@ info:
|
||||||
name: ManageEngine ADSelfService Plus version 6113 Unauthenticated RCE
|
name: ManageEngine ADSelfService Plus version 6113 Unauthenticated RCE
|
||||||
author: daffainfo,pdteam
|
author: daffainfo,pdteam
|
||||||
severity: critical
|
severity: critical
|
||||||
description: ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
|
description: ManageEngine ADSelfService Plus version 6113 and prior are vulnerable to a REST API authentication bypass which leads to remote code execution.
|
||||||
|
remediation: Upgrade to ADSelfService Plus build 6114.
|
||||||
reference:
|
reference:
|
||||||
- https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
|
- https://attackerkb.com/topics/DMSNq5zgcW/cve-2021-40539/rapid7-analysis
|
||||||
- https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html
|
- https://www.synacktiv.com/publications/how-to-exploit-cve-2021-40539-on-manageengine-adselfservice-plus.html
|
||||||
|
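Review bot: the added `remediation` line names one exact build ("Upgrade to ADSelfService Plus build 6114.") while the description gives the affected range as "version 6113 and prior". Wording it as "build 6114 or later" would state the fix as a floor, the way the other template in this commit does with "8.1.1 or higher". The info block also mixes "version" (name, description) and "build" (remediation) for the same numbering; pick one term so a reader can match the remediation against the affected range without guessing.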
@ -110,4 +111,4 @@ requests:
|
||||||
|
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
|
@ -4,7 +4,8 @@ info:
|
||||||
name: Rosario Student Information System Unauthenticated SQL Injection
|
name: Rosario Student Information System Unauthenticated SQL Injection
|
||||||
author: furkansayim,xShuden
|
author: furkansayim,xShuden
|
||||||
severity: critical
|
severity: critical
|
||||||
description: An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
|
description: An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
|
||||||
|
remediation: Upgrade to version 8.1.1 or higher.
|
||||||
reference:
|
reference:
|
||||||
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/328
|
- https://gitlab.com/francoisjacquet/rosariosis/-/issues/328
|
||||||
- https://twitter.com/RemotelyAlerts/status/1465697928178122775
|
- https://twitter.com/RemotelyAlerts/status/1465697928178122775
|
||||||
|
|
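Review bot: the reworded description breaks subject-verb agreement: "An unauthenticated SQL Injection vulnerability ... 8.1 and below allow remote attackers" should read "allows", as the removed line did. The affected range also changed from "before 8.1.1" to "8.1 and below", which is less exact and no longer mirrors the new remediation line ("Upgrade to version 8.1.1 or higher."). Keeping "before 8.1.1" in the description would leave the range and the fix version stated in the same terms.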