admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update GobyVuls-Document.md

Browse Source
This commit is contained in:
Goby 2023-03-30 19:23:47 +08:00 committed by GitHub
parent 9bdbed3cb0
commit 83a1e7a767
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
GobyVuls-Document.md
View File

@ -3,16 +3,27 @@ The following content is an updated vulnerability from Goby. Some of the vulnera
**Updated document date: March 17, 2023**
## Smartbi DB2 JDBC Arbitrary Code Execution Vulnerability
| **Vulnerability** | **Smartbi DB2 JDBC Arbitrary Code Execution Vulnerability** |
| :----: | :-----|
| **Chinese name** |Smartbi DB2 JDBC 任意代码执行漏洞 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [app="Joomla"](https://fofa.info/result?qbase64=YXBwPSJKb29tbGEi) |
| **Number of assets affected** | 747187 |
| **Description** | Attackers can obtain the passwords of MySQL database accounts through unauthorized access vulnerabilities, resulting in sensitive data leakage, and ultimately the system is in an extremely insecure state. |
| **Impact** | Attackers can obtain the passwords of MySQL database accounts through unauthorized access vulnerabilities, resulting in sensitive data leakage, and ultimately the system is in an extremely insecure state. |
## Joomla Web Api Unauthorized Access
| **Vulnerability** | **Joomla Web Api Unauthorized Access** |
| :----: | :-----|
| **Chinese name** |Joomla Web Api接口未授权访问 |
| **CVSS core** | 7.5 |
| **FOFA Query** (click to view the results directly)| [app="FIT2CLOUD-MeterSphere"](https://fofa.info/result?qbase64=YXBwPSJGSVQyQ0xPVUQtTWV0ZXJTcGhlcmUi) |
| **Number of assets affected** | 2574 |
| **Description** | MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing, and is fully compatible with mainstream open source standards such as JMeter and Selenium.</p><p>MeterSphere has an unauthorized arbitrary file read vulnerability. |
| **Impact** | Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website. |
| **FOFA Query** (click to view the results directly)| [app="Joomla"](https://fofa.info/result?qbase64=YXBwPSJKb29tbGEi) |
| **Number of assets affected** | 747187 |
| **Description** | Attackers can obtain the passwords of MySQL database accounts through unauthorized access vulnerabilities, resulting in sensitive data leakage, and ultimately the system is in an extremely insecure state. |
| **Impact** | Attackers can obtain the passwords of MySQL database accounts through unauthorized access vulnerabilities, resulting in sensitive data leakage, and ultimately the system is in an extremely insecure state. |
**Updated document date: March 17, 2023**