Goby/json/H5S-GetUserInfo-Information...

{
"Name": "H5S GetUserInfo Information leakage (CNVD-2020-67113)",
"Description": "<p>H5S video platform is a video management platform that supports Windows Linux (CentOS ubuntu).</p><p>The H5S video platform has an information disclosure vulnerability. The attacker can obtain the administrator account password and cookie information to log in to the background.</p>",
"Product": "H5S video platform",
"Homepage": "https://linkingvision.cn",
"DisclosureDate": "2020-11-01",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"H5S视频平台|WEB\" && title=\"H5S视频平台|WEB\"",
"GobyQuery": "body=\"H5S视频平台|WEB\" && title=\"H5S视频平台|WEB\"",
"Level": "1",
"Impact": "<p>The H5S video platform has an information disclosure vulnerability. The attacker can obtain the administrator account password and cookie information to log in to the background.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://linkingvision.cn\">https://linkingvision.cn</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "H5S 视频管理平台 GetUserInfo 信息泄露漏洞CNVD-2020-67113",
"VulType": ["信息泄露"],
"Tags": ["信息泄露"],
"Description": "<p>H5S视频平台是一个支持Windows Linux(CentOS ubuntu) 视频管理平台。</p><p>H5S 视频平台存在信息泄露漏洞。攻击者可获取管理员账号密码以及Cookie信息登录后台。</p>",
"Impact": "<p>H5S 视频平台存在信息泄露漏洞。攻击者可获取管理员账号密码以及Cookie信息登录后台。</p>",
"Product": "H5S视频平台",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://linkingvision.cn\">https://linkingvision.cn</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "H5S GetUserInfo Information leakage (CNVD-2020-67113)",
"VulType": ["infoleak"],
"Tags": ["infoleak"],
"Description": "<p>H5S video platform is a video management platform that supports Windows Linux (CentOS ubuntu).</p><p>The H5S video platform has an information disclosure vulnerability. The attacker can obtain the administrator account password and cookie information to log in to the background.</p>",
"Impact": "<p>The H5S video platform has an information disclosure vulnerability. The attacker can obtain the administrator account password and cookie information to log in to the background.</p>",
"Product": "H5S video platform",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://linkingvision.cn\">https://linkingvision.cn</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://fofa.so"
],
"HasExp": true,
"ExpParams": [
{
"name": "user",
"type": "input",
"value": "admin"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"infoleak"
],
"VulType": [
"infoleak"
],
"CVEIDs": [
""
],
"CVSSScore": "6.0",
"AttackSurfaces": {
"Application": ["H5S video platform"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
"CNVD-2020-67113"
]
}