Goby/json/SuperWebmailer-RCE-(CVE-202...


{
"Name": "SuperWebmailer RCE (CVE-2020-11546)",
"Description": "<p>Superwebmailer is a web-based PHP communication software, used for communication recipient management, sending HTML newsletters, birthday emails.</p><p>The Language parameter of the mailingupgrade.php file in SuperWebMailer 7.21.0.01526 version has an injection vulnerability. Attackers can use this vulnerability to execute arbitrary PHP code.</p>",
"Product": "SuperWebmailer",
"Homepage": "https://www.superwebmailer.de/",
"DisclosureDate": "2021-12-01",
"Author": "1291904552@qq.com",
"FofaQuery": "title=\"SuperWebMailer\"",
"GobyQuery": "title=\"SuperWebMailer\"",
"Level": "3",
"Impact": "<p>The Language parameter of the mailingupgrade.php file in SuperWebMailer 7.21.0.01526 version has an injection vulnerability. Attackers can use this vulnerability to execute arbitrary PHP code.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.superwebmailer.de/\">https://www.superwebmailer.de/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "SuperWebmailer RCE (CVE-2020-11546)",
"VulType": ["代码执行"],
"Tags": ["代码执行"],
"Description": "<p>Superwebmailer是一个基于 Web 的 PHP 通讯软件,用于通讯收件人管理,发送 HTML 通讯,生日电子邮件。</p><p>SuperWebMailer 7.21.0.01526版本中的mailingupgrade.php文件的Language参数存在注入漏洞。攻击者可利用该漏洞执行任意的PHP代码。</p>",
"Impact": "<p>SuperWebMailer 7.21.0.01526版本中的mailingupgrade.php文件的Language参数存在注入漏洞。攻击者可利用该漏洞执行任意的PHP代码。</p>",
"Product": "SuperWebmailer",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://www.superwebmailer.de/\">https://www.superwebmailer.de/</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "SuperWebmailer RCE (CVE-2020-11546)",
"VulType": ["rce"],
"Tags": ["rce"],
"Description": "<p>Superwebmailer is a web-based PHP communication software, used for communication recipient management, sending HTML newsletters, birthday emails.</p><p>The Language parameter of the mailingupgrade.php file in SuperWebMailer 7.21.0.01526 version has an injection vulnerability. Attackers can use this vulnerability to execute arbitrary PHP code.</p>",
"Impact": "<p>The Language parameter of the mailingupgrade.php file in SuperWebMailer 7.21.0.01526 version has an injection vulnerability. Attackers can use this vulnerability to execute arbitrary PHP code.</p>",
"Product": "SuperWebmailer",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.superwebmailer.de/\">https://www.superwebmailer.de/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-11546"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "ls"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2020-14065"
],
"CVSSScore": "9.0",
"AttackSurfaces": {
"Application": ["SuperWebmailer"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
"CNNVD-202007-1116"
],
"CNVD": [
"CNVD-2020-46560"
]
}