VAR-201702-0921
Vulnerability from variot - Updated: 2023-12-18 13:14An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. An attacker can exploit the vulnerability to run arbitrary code, the application may be denied service conditions due to excessive consumption of resources, access or modify data, or exploit the potential vulnerability in the underlying database to gain database administrator permissions. Moxa SoftCMS is prone to multiple security vulnerabilities. Attackers can exploit this vulnerability to execute arbitrary SQL commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0921",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "softcms",
"scope": "eq",
"trust": 1.5,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "softcms",
"scope": "lte",
"trust": 1.0,
"vendor": "moxa",
"version": "1.5"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.4"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.3"
},
{
"model": "softcms",
"scope": "eq",
"trust": 0.9,
"vendor": "moxa",
"version": "1.2"
},
{
"model": "softcms",
"scope": "lt",
"trust": 0.8,
"vendor": "moxa",
"version": "1.6"
},
{
"model": "softcms",
"scope": "ne",
"trust": 0.3,
"vendor": "moxa",
"version": "1.6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"db": "NVD",
"id": "CVE-2016-9333"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:moxa:softcms:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.5",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9333"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zhou Yu working with Trend Micro???s Zero Day Initiative and Gu Ziqiang from Huawei Weiran Labs.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
],
"trust": 0.6
},
"cve": "CVE-2016-9333",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9333",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11357",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-98153",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9333",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9333",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-9333",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-11357",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-430",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-98153",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"db": "VULHUB",
"id": "VHN-98153"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"db": "NVD",
"id": "CVE-2016-9333"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator\u0027s privilege through specially crafted input (SQL INJECTION). Moxa SoftCMS is a set of central management software developed by Moxa for large-scale monitoring systems. The software supports real-time video surveillance, video playback, and event management. An attacker can exploit the vulnerability to run arbitrary code, the application may be denied service conditions due to excessive consumption of resources, access or modify data, or exploit the potential vulnerability in the underlying database to gain database administrator permissions. Moxa SoftCMS is prone to multiple security vulnerabilities. Attackers can exploit this vulnerability to execute arbitrary SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9333"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "VULHUB",
"id": "VHN-98153"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9333",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-16-322-02",
"trust": 2.8
},
{
"db": "BID",
"id": "94394",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007635",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-430",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11357",
"trust": 0.6
},
{
"db": "ZDI",
"id": "ZDI-16-615",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-98153",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"db": "VULHUB",
"id": "VHN-98153"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"db": "NVD",
"id": "CVE-2016-9333"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
]
},
"id": "VAR-201702-0921",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"db": "VULHUB",
"id": "VHN-98153"
}
],
"trust": 1.29090906
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11357"
}
]
},
"last_update_date": "2023-12-18T13:14:25.239000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SoftCMS",
"trust": 0.8,
"url": "http://www.moxa.com/product/softcms.htm"
},
{
"title": "Patch for Moxa SoftCMS SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/84132"
},
{
"title": "Moxa SoftCMS SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65771"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98153"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"db": "NVD",
"id": "CVE-2016-9333"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-322-02"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94394"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9333"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9333"
},
{
"trust": 0.3,
"url": "http://www.moxa.com/product/softcms.htm"
},
{
"trust": 0.3,
"url": "http://www.zerodayinitiative.com/advisories/zdi-16-615/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"db": "VULHUB",
"id": "VHN-98153"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"db": "NVD",
"id": "CVE-2016-9333"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"db": "VULHUB",
"id": "VHN-98153"
},
{
"db": "BID",
"id": "94394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"db": "NVD",
"id": "CVE-2016-9333"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-98153"
},
{
"date": "2016-11-17T00:00:00",
"db": "BID",
"id": "94394"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"date": "2017-02-13T21:59:01.533000",
"db": "NVD",
"id": "CVE-2016-9333"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"date": "2017-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-98153"
},
{
"date": "2016-12-20T16:03:00",
"db": "BID",
"id": "94394"
},
{
"date": "2017-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007635"
},
{
"date": "2017-06-28T13:51:54.120000",
"db": "NVD",
"id": "CVE-2016-9333"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Moxa SoftCMS SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11357"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-430"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…