VDB-290210 · CVE-2024-13136 · GCVE-100-290210

wangl1989 mysiteforme 1.0 ShiroConfig.java rememberMeManager ବିସ୍ତାରିତ ଅଧିକାର

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame wangl1989 mysiteforme 1.0 keessatti argameera. Miidhamni argame is hojii rememberMeManager faayilii src/main/java/com/mysiteforme/admin/config/ShiroConfig.java keessa. Wanti jijjiirame gara ବିସ୍ତାରିତ ଅଧିକାର geessa. Rakkoo ibsuuf CWE yoo fayyadamte gara CWE-502 si geessa. Odeeffannoon kun yeroo 01/04/2025 maxxanfameera akka Mysiteforme 1.0 has Remote Command Execution #52. Odeeffannoon kun buufachuuf github.com irratti argama. Dogoggorri kun CVE-2024-13136 jedhamee waamama. Weerara fageenya irraa jalqabuu ni danda'ama. Ibsa teeknikaa ni jira. Waan dabalataa ta’een, meeshaa balaa kana fayyadamuuf ni jira. Qorannoo miidhaa (exploit) uummataaf ifa taasifameera, kanaafis fayyadamuu ni danda'ama. Ammas, gatii exploit might be approx. USD $0-$5k yeroo ammaa irratti argamuu danda'a. ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ ta’uu isaa ibsameera. Exploit github.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatiin isaa daldala dhoksaa keessatti $0-$5k akka ta'e tilmaamameera. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 ଆଡାପ୍ଟେସନ୍ · 98 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 01/04/2025 10:53 AM	ଅଦ୍ୟତନ 1/2 01/05/2025 10:31 AM	ଅଦ୍ୟତନ 2/2 01/11/2025 03:34 AM
software_vendor	wangl1989	wangl1989	wangl1989
software_name	mysiteforme	mysiteforme	mysiteforme
software_version	1.0	1.0	1.0
software_file	src/main/java/com/mysiteforme/admin/config/ShiroConfig.java	src/main/java/com/mysiteforme/admin/config/ShiroConfig.java	src/main/java/com/mysiteforme/admin/config/ShiroConfig.java
software_function	rememberMeManager	rememberMeManager	rememberMeManager
vulnerability_cwe	CWE-502 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-502 (ବିସ୍ତାରିତ ଅଧିକାର)	CWE-502 (ବିସ୍ତାରିତ ଅଧିକାର)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_identifier	Mysiteforme 1.0 has Remote Command Execution #52	Mysiteforme 1.0 has Remote Command Execution #52	Mysiteforme 1.0 has Remote Command Execution #52
advisory_url	https://github.com/wangl1989/mysiteforme/issues/52	https://github.com/wangl1989/mysiteforme/issues/52	https://github.com/wangl1989/mysiteforme/issues/52
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/wangl1989/mysiteforme/issues/52#issue-2757682365	https://github.com/wangl1989/mysiteforme/issues/52#issue-2757682365	https://github.com/wangl1989/mysiteforme/issues/52#issue-2757682365
source_cve	CVE-2024-13136	CVE-2024-13136	CVE-2024-13136
cna_responsible	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	7.5
cvss3_meta_tempscore	5.7	6.0	7.3
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
advisory_date	1735945200 (01/04/2025)	1735945200 (01/04/2025)	1735945200 (01/04/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		L	L
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		5.3	5.3
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		L	L
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		6.3	6.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		S	S
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		6.5	6.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en wangl1989 mysiteforme 1.0 y se ha clasificado como crítica. Este problema afecta a la función rememberMeManager del archivo src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. La manipulación provoca la deserialización. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss3_nvd_basescore			9.8

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!