id: CNVD-2019-01348 info: name: Xiuno BBS CNVD-2019-01348 author: princechaddha severity: high description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page. reference: - https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cwe-id: CWE-284 remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product. tags: xiuno,cnvd,cnvd2019 metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/install/" headers: Accept-Encoding: deflate matchers-condition: and matchers: - type: status status: - 200 - type: word part: body words: - "/view/js/xiuno.js" - "Choose Language (选择语言)" condition: and # Enhanced by mp on 2022/01/26