VDB-230084 · CVE-2021-4336 · GCVE-100-230084

ITRS Group monitor-ninja ଯେପର୍ଯ୍ୟନ୍ତ 2021.11.1 scheduled_reports.php SQL ଇଞ୍ଜେକ୍ସନ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame ITRS Group monitor-ninja ଯେପର୍ଯ୍ୟନ୍ତ 2021.11.1 keessatti argameera. Miidhamni argame is hojii hin beekamne faayilii modules/reports/models/scheduled_reports.php keessa. Wanti jijjiirame gara SQL ଇଞ୍ଜେକ୍ସନ geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-89 si geessa. Odeeffannoon kun yeroo 09/29/2021 maxxanfameera akka 6da9080faec9bca1ca5342386c0421dca0a6c0cc. Odeeffannoon kun buufachuuf github.com irratti argama. Dogoggorri kun CVE-2021-4336 jedhamee waamama. Weerara kanaaf milkaa'ina argachuuf, networkii naannoo irratti argamuu qabda. Ibsa teeknikaa ni jira. Meeshaa balaa kana fayyadamuuf hin jirre. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ଅପରିଭାଷିତ ta’uu isaa ibsameera. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. Idaantifayarii paachii 6da9080faec9bca1ca5342386c0421dca0a6c0cc dha. Sirreeffamni dogoggoraa github.com irraa buufachuuf qophaa’eera. Qabiyyee miidhamte haaromsuuf gorsa ni kennama. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 ଆଡାପ୍ଟେସନ୍ · 75 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 05/27/2023 09:53 AM	ଅଦ୍ୟତନ 1/2 06/21/2023 01:03 PM	ଅଦ୍ୟତନ 2/2 06/21/2023 01:11 PM
software_vendor	ITRS Group	ITRS Group	ITRS Group
software_name	monitor-ninja	monitor-ninja	monitor-ninja
software_version	<=2021.11.1	<=2021.11.1	<=2021.11.1
software_file	modules/reports/models/scheduled_reports.php	modules/reports/models/scheduled_reports.php	modules/reports/models/scheduled_reports.php
vulnerability_cwe	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)	CWE-89 (SQL ଇଞ୍ଜେକ୍ସନ)
vulnerability_risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_date	1632866400 (09/29/2021)	1632866400 (09/29/2021)	1632866400 (09/29/2021)
advisory_identifier	6da9080faec9bca1ca5342386c0421dca0a6c0cc	6da9080faec9bca1ca5342386c0421dca0a6c0cc	6da9080faec9bca1ca5342386c0421dca0a6c0cc
advisory_url	https://github.com/ITRS-Group/monitor-ninja/commit/6da9080faec9bca1ca5342386c0421dca0a6c0cc	https://github.com/ITRS-Group/monitor-ninja/commit/6da9080faec9bca1ca5342386c0421dca0a6c0cc	https://github.com/ITRS-Group/monitor-ninja/commit/6da9080faec9bca1ca5342386c0421dca0a6c0cc
countermeasure_name	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ
countermeasure_date	1632866400 (09/29/2021)	1632866400 (09/29/2021)	1632866400 (09/29/2021)
upgrade_version	2021.11.30	2021.11.30	2021.11.30
countermeasure_upgrade_url	https://github.com/ITRS-Group/monitor-ninja/releases/tag/v2021.11.30	https://github.com/ITRS-Group/monitor-ninja/releases/tag/v2021.11.30	https://github.com/ITRS-Group/monitor-ninja/releases/tag/v2021.11.30
patch_name	6da9080faec9bca1ca5342386c0421dca0a6c0cc	6da9080faec9bca1ca5342386c0421dca0a6c0cc	6da9080faec9bca1ca5342386c0421dca0a6c0cc
countermeasure_patch_url	https://github.com/ITRS-Group/monitor-ninja/commit/6da9080faec9bca1ca5342386c0421dca0a6c0cc	https://github.com/ITRS-Group/monitor-ninja/commit/6da9080faec9bca1ca5342386c0421dca0a6c0cc	https://github.com/ITRS-Group/monitor-ninja/commit/6da9080faec9bca1ca5342386c0421dca0a6c0cc
countermeasure_advisoryquote	This escapes a bunch of variables used in SQL statements, which could otherwise be used to perform SQL injection attacks.	This escapes a bunch of variables used in SQL statements, which could otherwise be used to perform SQL injection attacks.	This escapes a bunch of variables used in SQL statements, which could otherwise be used to perform SQL injection attacks.
source_cve	CVE-2021-4336	CVE-2021-4336	CVE-2021-4336
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	6.9
cvss3_meta_tempscore	5.3	5.3	6.9
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1685138400 (05/27/2023)	1685138400 (05/27/2023)
cve_nvd_summary		A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084.	A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			9.8
cvss3_cna_basescore			5.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Do you know our Splunk app?

Download it now for free!