Enhancement: cves/2019/CVE-2019-12725.yaml by mp

2022-02-04 11:27:18 -05:00 · 2022-02-04 11:27:18 -05:00 · d13fbad151
parent 421460c87e
commit d13fbad151
1 changed files with 4 additions and 2 deletions
--- a/cves/2019/CVE-2019-12725.yaml
+++ b/cves/2019/CVE-2019-12725.yaml
@ -5,7 +5,7 @@ info:
  author: dwisiswant0
  severity: critical
  description: Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.
-  remediation: Upgrade to 3.9.5. Be aware t his product is no longer supported. 
+  remediation: Upgrade to 3.9.5. Be aware this product is no longer supported. 
  reference:
    - https://www.zeroshell.org/new-release-and-critical-vulnerability/
    - https://www.tarlogic.com/advisories/zeroshell-rce-root.txt
@ -28,6 +28,8 @@ requests:
          - 200
      - type: regex
        regex:
-          - "((u|g)id|groups)=[0-9]{1,4}\([a-z0-9]+\)"
+          - "((u|g)id|groups)=[0-9]{1,4}[a-z0-9]+"
+
+# Enhanced by mp on 2022/02/04

 # Enhanced by mp on 2022/02/04