Goby/json/Softneta-MedDream-6.7.11-Di...

{
"Name": "Softneta MedDream 6.7.11 Directory Traversal",
"Description": "<p>Softneta specializes in medical imaging and communication solutions to improve the quality of healthcare. The company was founded in 2007 and possesses 14+ years of experience in the development of medical devices for processing, visualization and transmission of diagnostic medical data.</p><p>Softneta MedDream PACS Server Premium 6.7.1.1 nocache.php has Directory Traversal</p>",
"Product": "MedDream",
"Homepage": "https://www.softneta.com/products/meddream-pacs-server/downloads.html",
"DisclosureDate": "2018-05-23",
"Author": "1291904552@qq.com",
"FofaQuery": "body=\"MedDream\"",
"GobyQuery": "body=\"MedDream\"",
"Level": "2",
"Impact": "<p>Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.</p>",
"Recommandation": "<p>The vendor has released a bug fix, please pay attention to the update in time: https://www.softneta.com</p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>",
"Translation": {
"CN": {
"Name": "Softneta MedDream 6.7.11 版本文件读取漏洞",
"VulType": ["文件读取"],
"Description": "<p>Softneta 专注于医学成像和通信解决方案,以提高医疗保健质量。该公司成立于 2007 年,在用于处理、可视化和传输诊断医疗数据的医疗设备开发方面拥有 14 年以上的经验。</p><p>Softneta MedDream PACS Server Premium 6.7.1.1版本 nocache.php文件存在 文件读取漏洞</p>",
"Impact": "<p>攻击者可通过该漏洞读取泄露源码、数据库配置⽂件等等,导致⽹站处于极度不安全状态。</p>",
"Product": "MedDream",
"Recommendation": "<p>⼚商已发布了漏洞修复程序,请及时关注更新:<a href=\"https://www.softneta.com/\">https://www.softneta.com/</a></p><p>1、通过防⽕墙等安全设备设置访问策略设置⽩名单访问。</p><p>2、如⾮必要禁⽌公⽹访问该系统。</p>"
},
"EN": {
"Name": "Softneta MedDream 6.7.11 Directory Traversal",
"VulType": ["file-read"],
"Description": "<p>Softneta specializes in medical imaging and communication solutions to improve the quality of healthcare. The company was founded in 2007 and possesses 14+ years of experience in the development of medical devices for processing, visualization and transmission of diagnostic medical data.</p><p>Softneta MedDream PACS Server Premium 6.7.1.1 nocache.php has Directory Traversal</p>",
"Impact": "<p>Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.</p>",
"Product": "MedDream",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://www.softneta.com/\">https://www.softneta.com/</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2. If not necessary, prohibit public network access to the system.</p>"
}
},
"References": [
"https://www.exploit-db.com/exploits/45347"
],
"HasExp": true,
"ExpParams": [
{
"name": "filepath",
"type": "createSelect",
"value": "../../../../../../../../../../../../../../../../MedDreamPACS-Premium/passwords.txt,/../../../../../../Windows/win.ini"
}
],
"ExpTips": null,
"ScanSteps": null,
"ExploitSteps": null,
"Tags": [
"file-read"
],
"VulType": ["fileread"],
"CVE": "",
"CNNVD": "",
"CNVD": "",
"CVSSScore": "0.0",
"AttackSurfaces": {
"Application": ["MedDream"],
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}