Goby/json/Emlog-5.3.1-Path-Disclosure...

{
"Name": "Emlog 5.3.1 Path Disclosure (CVE-2021-3293)",
"Description": "<p>emlog is a fast, stable and easy-to-use blog and CMS website building system based on PHP and MySQL.</p><p>The emlog management system v5.3.1 has a full path disclosure vulnerability in t/index.php. Attackers can see the path of webroot/file through this vulnerability, and cooperate with other vulnerabilities to further exploit.</p>",
"Product": "EMLOG",
"Homepage": "http://www.emlog.net/",
"DisclosureDate": "2021-05-25",
"Author": "1291904552@qq.com",
"FofaQuery": "app=\"EMLOG\" || app=\"Emlog\"",
"GobyQuery": "app=\"EMLOG\" || app=\"Emlog\"",
"Level": "2",
"Impact": "<p>The emlog management system v5.3.1 has a full path disclosure vulnerability in t/index.php. Attackers can see the path of webroot/file through this vulnerability, and cooperate with other vulnerabilities to further exploit.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"http://www.emlog.net/\">http://www.emlog.net/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Emlog 5.3.1 版本路径信息泄露漏洞 CVE-2021-3293",
"VulType": [
"路径泄露"
],
"Description": "<p>emlog是一个基于PHP和MySQL的功能强大的博客及CMS建站系统追求快速、稳定、简单、舒适的建站体验。</p><p>emlog管理系统 v5.3.1 在 t/index.php 中存在全路径泄露漏洞,攻击者可以通过该漏洞看到 webroot/file 的路径,配合其他漏洞进行更深得利用。</p>",
"Impact": "<p>emlog管理系统 v5.3.1 在 t/index.php 中存在全路径泄露漏洞,攻击者可以通过该漏洞看到 webroot/file 的路径,配合其他漏洞进行更深得利用。</p>",
"Product": "EMLOG",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新:<a href=\"http://www.emlog.net/\">http://www.emlog.net/</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Emlog 5.3.1 Path Disclosure (CVE-2021-3293)",
"VulType": [
"path-disclosure"
],
"Description": "<p>emlog is a fast, stable and easy-to-use blog and CMS website building system based on PHP and MySQL.</p><p>The emlog management system v5.3.1 has a full path disclosure vulnerability in t/index.php. Attackers can see the path of webroot/file through this vulnerability, and cooperate with other vulnerabilities to further exploit.</p>",
"Impact": "<p>The emlog management system v5.3.1 has a full path disclosure vulnerability in t/index.php. Attackers can see the path of webroot/file through this vulnerability, and cooperate with other vulnerabilities to further exploit.</p>",
"Product": "EMLOG",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"http://www.emlog.net/\">http://www.emlog.net/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-3293"
],
"HasExp": true,
"ExpParams": [
{
"name": "filepath",
"type": "createSelect",
"value": "/t/index.php?action[]=aaaa"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"path-disclosure"
],
"VulType": [
"path-disclosure"
],
"CVEIDs": [
"CVE-2021-3293"
],
"CVSSScore": "7.5",
"AttackSurfaces": {
"Application": ["EMLOG"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
""
]
}