41 lines
1.2 KiB
YAML
41 lines
1.2 KiB
YAML
id: CNVD-2019-01348
|
|
|
|
info:
|
|
name: Xiuno BBS CNVD-2019-01348
|
|
author: princechaddha
|
|
severity: high
|
|
description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page.
|
|
remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product.
|
|
reference:
|
|
- https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348
|
|
classification:
|
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
|
cvss-score: 7.5
|
|
cwe-id: CWE-284
|
|
metadata:
|
|
max-request: 1
|
|
tags: xiuno,cnvd,cnvd2019
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/install/"
|
|
|
|
headers:
|
|
Accept-Encoding: deflate
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "/view/js/xiuno.js"
|
|
- "Choose Language (选择语言)"
|
|
condition: and
|
|
|
|
# digest: 4a0a00473045022100959d6311297cf34b821727b43add5b66abf2e750bbec768cca9805208a9f21d502206eb3cc0c3c4f895f712e60b98e8a360a02f92e3d7cb46cbf5d7ef7064217ab43:922c64590222798bb761d5b6d8e72950
|