Goby/json/MCMS-5.2.4-categoryId-sqli....

{
"Name": "MCMS 5.2.4 categoryId sqli",
"Description": "<p>Mingfei MCms is a complete open source content management system.</p><p>The categoryId parameter of MCms 5.2.4 has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information and further control the server.</p>",
"Product": "MCMS",
"Homepage": "https://gitee.com/mingSoft/MCMS",
"DisclosureDate": "2022-01-04",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"ms/1.0.0/ms.js\" || body=\"铭飞MCMS\"",
"GobyQuery": "body=\"ms/1.0.0/ms.js\" || body=\"铭飞MCMS\"",
"Level": "2",
"Impact": "<p>The categoryId parameter of MCms 5.2.4 has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information and further control the server.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://gitee.com/mingSoft/MCMS\">https://gitee.com/mingSoft/MCMS</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "铭飞MCms 5.2.4版本 categoryId 参数 存在SQL 注入漏洞",
"VulType": ["SQL注入"],
"Tags": ["SQL注入"],
"Description": "<p>铭飞MCms 是一款完整开源的内容管理系统。</p><p>铭飞MCms 5.2.4版本 categoryId 参数存在SQL注入漏洞攻击者可利用漏洞获取敏感信息进一步控制服务器。</p>",
"Impact": "<p>铭飞MCms 5.2.4版本 categoryId 参数存在SQL注入漏洞攻击者可利用漏洞获取敏感信息进一步控制服务器。</p>",
"Product": "MCMS",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://gitee.com/mingSoft/MCMS\">https://gitee.com/mingSoft/MCMS</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "MCMS 5.2.4 categoryId sqli",
"VulType": ["sqli"],
"Tags": ["sqli"],
"Description": "<p>Mingfei MCms is a complete open source content management system.</p><p>The categoryId parameter of MCms 5.2.4 has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information and further control the server.</p>",
"Impact": "<p>The categoryId parameter of MCms 5.2.4 has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information and further control the server.</p>",
"Product": "MCMS",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://gitee.com/mingSoft/MCMS\">https://gitee.com/mingSoft/MCMS</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://forum.butian.net/share/998"
],
"HasExp": true,
"ExpParams": [
{
"name": "sqlQuery",
"type": "input",
"value": "user()"
}
],
"ExpTips": null,
"ScanSteps": null,
"Tags": [
"sqli"
],
"VulType": [
"sqli"
],
"CVEIDs": [
""
],
"CVSSScore": "8.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
},
"CNNVD": [
""
],
"CNVD": [
""
]
}