jvndb-2022-000068
Vulnerability from jvndb
Published
2022-09-05 15:22
Modified
2024-06-13 16:00
Severity ?
3.1 (Low) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure
Details
Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability (CWE-200). Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulerability, it is requireid for an attacker to access the affected product within in 30 seconds. Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
JVN http://jvn.jp/en/jp/JVN34205166/index.html
CVE https://www.cve.org/CVERecord?id=CVE-2022-38400
NVD https://nvd.nist.gov/vuln/detail/CVE-2022-38400
Information Exposure(CWE-200) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
SYNCK GRAPHICAMailform Pro CGI
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000068.html",
  "dc:date": "2024-06-13T16:00+09:00",
  "dcterms:issued": "2022-09-05T15:22+09:00",
  "dcterms:modified": "2024-06-13T16:00+09:00",
  "description": "Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability (CWE-200).\r\n\r\nThanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulerability, it is requireid for an attacker to access the affected product within in 30 seconds.\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-000068.html",
  "sec:cpe": {
    "#text": "cpe:/a:synck_graphica:mailform_pro_cgi",
    "@product": "Mailform Pro CGI",
    "@vendor": "SYNCK GRAPHICA",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "3.1",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-000068",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN34205166/index.html",
      "@id": "JVN#34205166",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-38400",
      "@id": "CVE-2022-38400",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-38400",
      "@id": "CVE-2022-38400",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.