Search criteria
9 vulnerabilities found for Shihonkanri Plus GOOUT by EKAKIN
CVE-2020-5556 (GCVE-0-2020-5556)
Vulnerability from cvelistv5 – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI?
Summary
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN63834780/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5556",
"datePublished": "2020-03-25T01:25:29",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5554 (GCVE-0-2020-5554)
Vulnerability from cvelistv5 – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI?
Summary
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN32415420/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5554",
"datePublished": "2020-03-25T01:25:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5555 (GCVE-0-2020-5555)
Vulnerability from cvelistv5 – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI?
Summary
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN32415420/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5555",
"datePublished": "2020-03-25T01:25:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5556 (GCVE-0-2020-5556)
Vulnerability from nvd – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI?
Summary
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:29",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN63834780/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5556",
"datePublished": "2020-03-25T01:25:29",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5554 (GCVE-0-2020-5554)
Vulnerability from nvd – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI?
Summary
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Directory traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN32415420/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5554",
"datePublished": "2020-03-25T01:25:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5555 (GCVE-0-2020-5555)
Vulnerability from nvd – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI?
Summary
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue.
Severity ?
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:28",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN32415420/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5555",
"datePublished": "2020-03-25T01:25:28",
"dateReserved": "2020-01-06T00:00:00",
"dateUpdated": "2024-08-04T08:30:24.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2020-000902
Vulnerability from jvndb - Published: 2020-03-24 17:53 - Updated:2020-03-24 17:53
Severity ?
Summary
Multiple vulnerabilities in Shihonkanri Plus GOOUT
Details
Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside.
Shihonkanri Plus GOOUT contains multiple vulnerabilities (which allow reading/writing an arbitrary file) listed below because of the improper validation of input parameter.
* Directory traversal (CWE-22) - CVE-2020-5554
* A vulnerability allowing manipulation of arbitrary files (CWE-20) - CVE-2020-5555
During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this vulnerability shall be disclosed since all the criteria and conditions described below which are stated in Standards for Handling Vulnerability related Information of Software Products and Other and Information Security Early Warning Partnership Guideline have been satisfied.
1. The developer of the product is unreachable:
2. Existence of vulnerability has been verified:
3. Not disclosing this case may result in the risk that product users will have no means to know of the existence of the vulnerability in the product:
4. There are no particular reasons that would make disclosure inappropriate:
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000902.html",
"dc:date": "2020-03-24T17:53+09:00",
"dcterms:issued": "2020-03-24T17:53+09:00",
"dcterms:modified": "2020-03-24T17:53+09:00",
"description": "Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside.\r\nShihonkanri Plus GOOUT contains multiple vulnerabilities (which allow reading/writing an arbitrary file) listed below because of the improper validation of input parameter.\r\n\r\n* Directory traversal (CWE-22) - CVE-2020-5554\r\n* A vulnerability allowing manipulation of arbitrary files (CWE-20) - CVE-2020-5555\r\n\r\nDuring the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this vulnerability shall be disclosed since all the criteria and conditions described below which are stated in Standards for Handling Vulnerability related Information of Software Products and Other and Information Security Early Warning Partnership Guideline have been satisfied.\r\n\r\n 1. The developer of the product is unreachable:\r\n 2. Existence of vulnerability has been verified:\r\n 3. Not disclosing this case may result in the risk that product users will have no means to know of the existence of the vulnerability in the product:\r\n 4. There are no particular reasons that would make disclosure inappropriate:",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000902.html",
"sec:cpe": {
"#text": "cpe:/a:ekakin:shihonkanri_plus_goout",
"@product": "shihonkanri Plus GOOUT",
"@vendor": "EKAKIN",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000902",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN32415420/index.html",
"@id": "JVN#32415420",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5554",
"@id": "CVE-2020-5554",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5555",
"@id": "CVE-2020-5555",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5554",
"@id": "CVE-2020-5554",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5555",
"@id": "CVE-2020-5555",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Multiple vulnerabilities in Shihonkanri Plus GOOUT"
}
JVNDB-2020-000903
Vulnerability from jvndb - Published: 2020-03-24 17:47 - Updated:2020-03-24 17:47
Severity ?
Summary
Shihonkanri Plus GOOUT vulnerable to OS command injection
Details
Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside.
Shihonkanri Plus GOOUT contains an OS command injection (CWE-78) vulnerability.
During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this vulnerability shall be disclosed since all the criteria and conditions described below which are stated in Standards for Handling Vulnerability related Information of Software Products and Other and Information Security Early Warning Partnership Guideline have been satisfied.
1. The developer of the product is unreachable
2. Existence of vulnerability has been verified
3. Not disclosing this case may result in the risk that product users will have no means to know of the existence of the vulnerability in the product
4. There are no particular reasons that would make disclosure inappropriate
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000903.html",
"dc:date": "2020-03-24T17:47+09:00",
"dcterms:issued": "2020-03-24T17:47+09:00",
"dcterms:modified": "2020-03-24T17:47+09:00",
"description": "Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside.\r\nShihonkanri Plus GOOUT contains an OS command injection (CWE-78) vulnerability.\r\n\r\nDuring the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this vulnerability shall be disclosed since all the criteria and conditions described below which are stated in Standards for Handling Vulnerability related Information of Software Products and Other and Information Security Early Warning Partnership Guideline have been satisfied.\r\n\r\n1. The developer of the product is unreachable\r\n2. Existence of vulnerability has been verified\r\n3. Not disclosing this case may result in the risk that product users will have no means to know of the existence of the vulnerability in the product\r\n4. There are no particular reasons that would make disclosure inappropriate",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000903.html",
"sec:cpe": {
"#text": "cpe:/a:ekakin:shihonkanri_plus_goout",
"@product": "shihonkanri Plus GOOUT",
"@vendor": "EKAKIN",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000903",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN63834780/index.html",
"@id": "JVN#63834780",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5556",
"@id": "CVE-2020-5556",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5556",
"@id": "CVE-2020-5556",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Shihonkanri Plus GOOUT vulnerable to OS command injection"
}
JVNDB-2007-000260
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability
Details
Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000260.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000260.html",
"sec:cpe": {
"#text": "cpe:/a:ekakin:shihonkanri_plus_goout",
"@product": "shihonkanri Plus GOOUT",
"@vendor": "EKAKIN",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000260",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN62334841/index.html",
"@id": "JVN#62334841",
"@source": "JVN"
},
"title": "Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability"
}