Gaskiya vulnerability da aka ware a matsayin kura an samu a visegripped Stracker. Hakika, aikin getHistory ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil doc_root/public_html/stracker/api.php, a cikin sashen $software_component. A sa manipulation of the argument symbol/startDate/endDate ka SQL Injection. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-89. Hakika, rauni an bayyana shi 01/14/2023 kamar 16. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2022-4889. Ana bukatar samun damar shiga local network ɗin don wannan hari ya yi nasara. Tekinikal faɗi ga. Babu exploit ɗin da ake samu. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á sàmbu a wondi feere. 0-day shima, an ndiyam a wuro be $0-$5k. Ana kiran patch ɗin da 63e1b040373ee5b6c7d1e165ecf5ae1603d29e0a. Gyaran matsalar yana nan a shirye don saukewa a github.com. Ana shawartar a saka patch domin warware wannan matsala. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

3 Goyarwa · 73 Datenpunkte