Navetti PricePoint 4.6.0.0 cross-site request forgery

A vulnerability classified as problematic was found in Navetti PricePoint 4.6.0.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. Using CWE to declare the problem leads to CWE-352. The issue was discovered on 07/18/2016. The weakness was disclosed on 03/08/2017 by W. Schober with SEC Consult Vulnerability Lab as SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint, as a Mailinglist Post (Full-Disclosure). The advisory is shared for download at seclists.org. This vulnerability is known as CVE-2017-20045. The attack can be launched remotely. Technical details are not available. Furthermore, an exploit is available. The exploit has been disclosed to the public and may be used. The current price for an exploit might be approx. USD $0-$5k. It is declared as proof-of-concept. The exploit can be downloaded from seclists.org. As a 0-day, the estimated price was around $0-$5k. It is recommended to upgrade the affected component.

3 changes · 57 data points

| Field | Created (03/13/2017 08:03) | Update 1/2 (08/19/2020 10:20) | Update 2/2 (06/06/2022 13:50) |
|---|---|---|---|
| software_vendor | Navetti | Navetti | Navetti |
| software_name | PricePoint | PricePoint | PricePoint |
| software_version | 4.6.0.0 | 4.6.0.0 | 4.6.0.0 |
| vulnerability_discoverydate | 1468800000 (07/18/2016) | 1468800000 (07/18/2016) | 1468800000 (07/18/2016) |
| vulnerability_vendorinformdate | 1469577600 (07/27/2016) | 1469577600 (07/27/2016) | 1469577600 (07/27/2016) |
| vulnerability_risk | 1 | 1 | 1 |
| vulnerability_historic | 0 | 0 | 0 |
| cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8 |
| cvss2_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss3_meta_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_meta_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 6.3 | 6.3 | 6.3 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| advisory_date | 1488931200 (03/08/2017) | 1488931200 (03/08/2017) | 1488931200 (03/08/2017) |
| advisory_location | Full-Disclosure | Full-Disclosure | Full-Disclosure |
| advisory_type | Mailinglist Post | Mailinglist Post | Mailinglist Post |
| advisory_url | http://seclists.org/fulldisclosure/2017/Mar/24 | http://seclists.org/fulldisclosure/2017/Mar/24 | http://seclists.org/fulldisclosure/2017/Mar/24 |
| advisory_identifier | SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint | SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint | SEC Consult SA-20170308-0 :: Multiple vulnerabilities in Navetti PricePoint |
| person_name | W. Schober | W. Schober | W. Schober |
| company_name | SEC Consult Vulnerability Lab | SEC Consult Vulnerability Lab | SEC Consult Vulnerability Lab |
| advisory_reaction_date | 1469577600 (07/27/2016) | 1469577600 (07/27/2016) | 1469577600 (07/27/2016) |
| exploit_availability | 1 | 1 | 1 |
| exploit_date | 1488931200 (03/08/2017) | 1488931200 (03/08/2017) | 1488931200 (03/08/2017) |
| exploit_publicity | 1 | 1 | 1 |
| exploit_url | http://seclists.org/fulldisclosure/2017/Mar/24 | http://seclists.org/fulldisclosure/2017/Mar/24 | http://seclists.org/fulldisclosure/2017/Mar/24 |
| developer_name | W. Schober | W. Schober | W. Schober |
| exploit_language | HTML/Javascript | HTML/Javascript | HTML/Javascript |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| countermeasure_name | Upgrade | Upgrade | Upgrade |
| countermeasure_date | 1475280000 (10/01/2016) | 1475280000 (10/01/2016) | 1475280000 (10/01/2016) |
| upgrade_version | 4.7.0.0 | 4.7.0.0 | 4.7.0.0 |
| source_seealso | 97861 97862 97863 | 97861 97862 97863 | 97861 97862 97863 |
| cvss2_vuldb_e | POC | POC | POC |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | UR | UR | UR |
| cvss3_vuldb_e | P | P | P |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | R | R | R |
| reaction_days | 66 | 66 | 66 |
| 0day_days | 75 | 75 | 75 |
| vulnerability_cwe | | CWE-352 (cross-site request forgery) | CWE-352 (cross-site request forgery) |
| source_cve | | | CVE-2017-20045 |
| cna_responsible | | | VulDB |
