admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-29 05:56:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-251xx/CVE-2020-25130.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

116 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-25130",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-09-25T14:15:13.860",
"lastModified": "2020-09-30T00:22:21.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Observium Professional, Enterprise & Community versi\u00f3n 20.8.10631. Es vulnerable a una inyecci\u00f3n SQL debido al hecho de que es posible inyectar sentencias SQL maliciosas en tipos de par\u00e1metros malformados. Al enviar la Matriz tipo variable inapropiada permite omitir el saneamiento de la Inyecci\u00f3n SQL principal. Los usuarios autenticados son capaces de inyectar consultas SQL maliciosas. Esta vulnerabilidad conlleva a un filtrado completo de la base de datos, incluyendo ckeys que pueden ser usadas en el proceso de autenticaci\u00f3n sin conocer el nombre de usuario y la contrase\u00f1a en texto sin cifrar. Esto puede ocurrir mediante el campo group_id del archivo ajax/actions.php"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:observium:observium:20.8.10631:*:*:*:community:*:*:*",
"matchCriteriaId": "A10D901F-6123-433A-8EB3-951C0345A24B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:observium:observium:20.8.10631:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "C7176124-B91A-4013-8242-44374DB62624"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:observium:observium:20.8.10631:*:*:*:professional:*:*:*",
"matchCriteriaId": "93B444CB-8890-466D-B9C4-2BEC146C79CB"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/mariuszpoplawski/243d1e7c07adc736bae8069fe831745c",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink