VDB-289170 · CVE-2024-12900 · GCVE-100-289170

FoxCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.2 Configuration File /install/installdb.php database password ବିସ୍ତାରିତ ଅଧିକାର

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame FoxCMS ଯେପର୍ଯ୍ୟନ୍ତ 1.2 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii /install/installdb.php keessa kutaa Configuration File Handler keessa. Hojii jijjiirraa irratti gaggeeffame database password gara ବିସ୍ତାରିତ ଅଧିକାର geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-94 geessa. Dadhabbii kana yeroo 12/22/2024 maxxanfameera. Odeeffannoon kun buufachuuf note.zhaoj.in irratti qoodameera. Dogoggorri kun akka CVE-2024-12900tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana note.zhaoj.in irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 ଆଡାପ୍ଟେସନ୍ · 97 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/22/2024 05:52 PM	ଅଦ୍ୟତନ 1/2 12/23/2024 03:21 AM	ଅଦ୍ୟତନ 2/2 07/15/2025 11:08 PM
software_name	FoxCMS	FoxCMS	FoxCMS
software_version	<=1.2	<=1.2	<=1.2
software_component	Configuration File Handler	Configuration File Handler	Configuration File Handler
software_file	/install/installdb.php	/install/installdb.php	/install/installdb.php
software_argument	database password	database password	database password
vulnerability_cwe	CWE-94 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-94 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-94 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://note.zhaoj.in/share/iDCwOv9vfDTI	https://note.zhaoj.in/share/iDCwOv9vfDTI	https://note.zhaoj.in/share/iDCwOv9vfDTI
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://note.zhaoj.in/share/iDCwOv9vfDTI	https://note.zhaoj.in/share/iDCwOv9vfDTI	https://note.zhaoj.in/share/iDCwOv9vfDTI
source_cve	CVE-2024-12900	CVE-2024-12900	CVE-2024-12900
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	5.7	6.0	7.3
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1734822000 (12/22/2024)	1734822000 (12/22/2024)	1734822000 (12/22/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cve_nvd_summaryes			Una vulnerabilidad ha sido encontrada en FoxCMS hasta 1.2 y clasificada como crítica. Una función desconocida del archivo /install/installdb.php del componente Configuration File Handler es afectada por esta vulnerabilidad. La manipulación del argumento contraseña de la base de datos conduce a la inyección de código. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!