Goby/json/Chemex-Auth-File-Upload-CNV...


{
"Name": "Chemex Auth File Upload CNVD-2021-15573",
"Description": "<p>Coffee pot Chemex is a free, open source, efficient and beautiful IT operation and maintenance management platform.</p><p>Chemex has a background file upload vulnerability(default login admin:admin), which can be exploited by attackers to gain control of the server.</p>",
"Product": "Chemex",
"Homepage": "https://gitee.com/dcat-phper/chemex",
"DisclosureDate": "2021-02-02",
"Author": "1291904552@qq.com",
"FofaQuery": "(title=\"咖啡壶\" || body=\"让IT资产管理更加简单\") && body=\"CreateDcat\"",
"GobyQuery": "(title=\"咖啡壶\" || body=\"让IT资产管理更加简单\") && body=\"CreateDcat\"",
"Level": "3",
"Impact": "<p>Chemex has a background file upload vulnerability, which can be exploited by attackers to gain control of the server.</p>",
"Recommandation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://gitee.com/dcat-phper/chemex\">https://gitee.com/dcat-phper/chemex/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Chemex 文件上传漏洞 CNVD-2021-15573",
"VulType": ["文件上传"],
"Description": "<p>咖啡壶Chemex是一个免费、开源、高效且漂亮的IT运维管理平台。</p><p>Chemex存在后台文件上传漏洞默认密码admin:admin攻击者可利用该漏洞获取服务器控制权。</p>",
"Impact": "<p>Chemex存在后台文件上传漏洞攻击者可利用该漏洞获取服务器控制权。</p>",
"Product": "咖啡壶",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://gitee.com/dcat-phper/chemex\">https://gitee.com/dcat-phper/chemex</a></p><p>1、通过防火墙等安全设备设置访问策略设置白名单访问。</p><p>2、如非必要禁止公网访问该系统。</p>"
},
"EN": {
"Name": "Chemex Auth File Upload CNVD-2021-15573",
"VulType": ["fileupload"],
"Description": "<p>Coffee pot Chemex is a free, open source, efficient and beautiful IT operation and maintenance management platform.</p><p>Chemex has a background file upload vulnerability(default login admin:admin), which can be exploited by attackers to gain control of the server.</p>",
"Impact": "<p>Chemex has a background file upload vulnerability, which can be exploited by attackers to gain control of the server.</p>",
"Product": "Chemex",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://gitee.com/dcat-phper/chemex\">https://gitee.com/dcat-phper/chemex/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://www.cnvd.org.cn/flaw/show/CNVD-2021-15573"
],
"HasExp": true,
"ExpParams": null,
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": null,
"ExploitSteps": null,
"Tags": [
"fileupload"
],
"CVEIDs": null,
"CVSSScore": "0.0",
"AttackSurfaces": {
"Application": ["Chemex"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}