nuclei-templates/http/cnvd/2019/CNVD-2019-01348.yaml

41 lines
1.2 KiB
YAML

id: CNVD-2019-01348
info:
name: Xiuno BBS CNVD-2019-01348
author: princechaddha
severity: high
description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product.
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cvss-score: 7.5
cwe-id: CWE-284
metadata:
max-request: 1
tags: xiuno,cnvd,cnvd2019
http:
- method: GET
path:
- "{{BaseURL}}/install/"
headers:
Accept-Encoding: deflate
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "/view/js/xiuno.js"
- "Choose Language (选择语言)"
condition: and
# digest: 4a0a00473045022100959d6311297cf34b821727b43add5b66abf2e750bbec768cca9805208a9f21d502206eb3cc0c3c4f895f712e60b98e8a360a02f92e3d7cb46cbf5d7ef7064217ab43:922c64590222798bb761d5b6d8e72950