VAR-202001-0885
Vulnerability from variot - Updated: 2023-12-18 11:59

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allow remote attackers to view files and execute local script code. vtiger CRM contains an injection vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) may result. vtiger CRM is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. This may allow the attacker to compromise the application; other attacks are also possible. vtiger CRM 5.4.0 and prior are vulnerable.

Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. It provides functions such as management, collection, and analysis of customer information. The vulnerability arises because the program does not properly filter user-submitted input.

---------------------------------------------------------------------------------
vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities
---------------------------------------------------------------------------------
[-] Software Link:
http://www.vtiger.com/
[-] Affected Versions:
[1] All versions from 5.1.0 to 5.4.0.
[2] All versions from 5.2.0 to 5.4.0.
[-] Vulnerability Description:
1) The vulnerable code is located in the get_list_values SOAP method defined in /soap/customerportal.php:

    1528.   function get_list_values($id,$module,$sessionid,$only_mine='true')
    1529.   {
    1530.       require_once('modules/'.$module.'/'.$module.'.php');
    1531.       require_once('include/utils/UserInfoUtil.php');
    1532.       global $adb,$log,$current_user;
    1533.       $log->debug("Entering customer portal function get_list_values");

2) The vulnerable code is located in the get_project_components SOAP method defined in /soap/customerportal.php:

    2778.   function get_project_components($id,$module,$customerid,$sessionid) {
    2779.       require_once("modules/$module/$module.php");
    2780.       require_once('include/utils/UserInfoUtil.php');
    2781.
    2782.       global $adb,$log;
    2783.       $log->debug("Entering customer portal function get_project_components ..");
The vulnerabilities exist because these methods fail to properly validate input passed through the "module" parameter, which is used in a call to the require_once() function (lines 1530 and 2779). This might be exploited to include arbitrary local files containing malicious PHP code. Successful exploitation of these vulnerabilities requires the application to be running on PHP < 5.3.4, because a null byte injection is required.
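As an added illustration (not the vendor's patch and not code from the advisory), the following sketch shows one way to validate a `module` value before it reaches `require_once()`: a strict identifier check followed by a canonical-path containment check. The helper name `resolve_module_file`, the module name `Demo` and the temporary directory layout are assumptions constructed for the example.

```php
<?php
// Added example, not vtiger's patch. resolve_module_file() is a hypothetical helper.

/**
 * Return the absolute path of <modulesDir>/<module>/<module>.php, or null when
 * $module is not a plain identifier or the file is not inside $modulesDir.
 */
function resolve_module_file($module, string $modulesDir): ?string
{
    // 1. Strict identifier check: '/', '.', "\0" and whitespace cannot pass.
    //    The D modifier stops '$' from matching before a trailing newline.
    if (!is_string($module)
        || preg_match('/^[A-Za-z][A-Za-z0-9_]{0,63}$/D', $module) !== 1) {
        return null;
    }

    // 2. Canonicalise, then confirm the result is still under the modules root.
    $root = realpath($modulesDir);
    if ($root === false) {
        return null;
    }
    $sep  = DIRECTORY_SEPARATOR;
    $path = realpath($root . $sep . $module . $sep . $module . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $root . $sep, strlen($root) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed fixture: one legitimate module and one file outside modules/.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . uniqid();
mkdir($base . '/modules/Demo', 0700, true);
file_put_contents($base . '/modules/Demo/Demo.php', "<?php // stub module\n");
file_put_contents($base . '/secret.txt', "not a module\n");

// Constructed inputs: only the first one should be accepted.
$samples = [
    'Demo',               // valid module name
    'Missing',            // well-formed, but no such file
    '../secret.txt',      // path traversal characters
    "../secret.txt\0",    // null byte, as in the advisory's precondition
    "Demo\n",             // trailing newline
    ['Demo'],             // non-string value
];
foreach ($samples as $s) {
    $r = resolve_module_file($s, $base . '/modules');
    printf("%-24s => %s\n", json_encode($s), $r === null ? 'rejected' : 'accepted');
    // A caller would only now do: require_once $r;
}

// Remove the fixture.
unlink($base . '/modules/Demo/Demo.php');
unlink($base . '/secret.txt');
rmdir($base . '/modules/Demo');
rmdir($base . '/modules');
rmdir($base);
```

The identifier check alone already rejects every malformed input here; the `realpath()` containment check is a second layer in case the pattern is later relaxed or the modules directory contains symlinks.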
[-] Solution:
Apply the vendor patch: http://www.vtiger.com/blogs/?p=1467
[-] Disclosure Timeline:
[13/01/2013] - Vendor notified
[06/02/2013] - Vendor asked feedback about http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848
[05/03/2013] - Feedback provided to the vendor
[26/03/2013] - Vendor patch released
[18/04/2013] - CVE number requested
[20/04/2013] - CVE number assigned
[01/08/2013] - Public disclosure
[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3212 to these vulnerabilities.
[-] Credits:
Vulnerabilities discovered by Egidio Romano.
[-] Original Advisory:
http://karmainsecurity.com/KIS-2013-05
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0885",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.8,
"vendor": "vtiger",
"version": "5.4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger",
"version": null
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.1"
}
],
"sources": [
{
"db": "BID",
"id": "61560"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Egidio Romano",
"sources": [
{
"db": "BID",
"id": "61560"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3212",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-3212",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-63214",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-3212",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3212",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201308-011",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-63214",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in \u0027customerportal.php\u0027 which allows remote attackers to view files and execute local script code. vtiger CRM Contains an injection vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. vtiger CRM is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. This may allow the attacker to compromise the application; other attacks are also possible. \nvtiger CRM 5.4.0 and prior are vulnerable. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability comes from the fact that the program does not properly filter the input submitted by the user. ---------------------------------------------------------------------------------\nvtiger CRM \u003c= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities\n---------------------------------------------------------------------------------\n\n\n[-] Software Link:\n\nhttp://www.vtiger.com/\n\n\n[-] Affected Versions:\n\n[1] All versions from 5.1.0 to 5.4.0. \n[2] All versions from 5.2.0 to 5.4.0. \n\n\n[-] Vulnerability Description:\n\n1) The vulnerable code is located in the get_list_values SOAP method defined in /soap/customerportal.php:\n\n1528. \tfunction get_list_values($id,$module,$sessionid,$only_mine=\u0027true\u0027)\n1529. \t{\n1530. \t\trequire_once(\u0027modules/\u0027.$module.\u0027/\u0027.$module.\u0027.php\u0027);\n1531. \t\trequire_once(\u0027include/utils/UserInfoUtil.php\u0027);\n1532. \t\tglobal $adb,$log,$current_user;\n1533. 
\t\t$log-\u003edebug(\"Entering customer portal function get_list_values\");\n\n2) The vulnerable code is located in the get_project_components SOAP method defined in /soap/customerportal.php:\n\n2778. \tfunction get_project_components($id,$module,$customerid,$sessionid) {\n2779. \t\trequire_once(\"modules/$module/$module.php\");\n2780. \t\trequire_once(\u0027include/utils/UserInfoUtil.php\u0027);\n2781. \t\n2782. \t\tglobal $adb,$log;\n2783. \t\t$log-\u003edebug(\"Entering customer portal function get_project_components ..\");\n\nThe vulnerabilities exist because these methods fail to properly validate input passed through the \"module\"\nparameter, that is being used in a call to the require_once() function (lines 1530 and 2779). This might be\nexploited to include arbitrary local files containing malicious PHP code. Successful exploitation of these\nvulnerabilities requires the application running on PHP \u003c 5.3.4, because a null byte injection is required. \n\n\n[-] Solution:\n\nApply the vendor patch:http://www.vtiger.com/blogs/?p=1467\n\n\n[-] Disclosure Timeline:\n\n[13/01/2013] - Vendor notified\n[06/02/2013] - Vendor asked feedback abouthttp://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848\n[05/03/2013] - Feedback provided to the vendor\n[26/03/2013] - Vendor patch released\n[18/04/2013] - CVE number requested\n[20/04/2013] - CVE number assigned\n[01/08/2013] - Public disclosure\n\n\n[-] CVE Reference:\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org)\nhas assigned the name CVE-2013-3212 to these vulnerabilities. \n\n\n[-] Credits:\n\nVulnerabilities discovered by Egidio Romano. \n\n\n[-] Original Advisory:\n\nhttp://karmainsecurity.com/KIS-2013-05\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3212"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "BID",
"id": "61560"
},
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "PACKETSTORM",
"id": "122637"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-63214",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3212",
"trust": 2.9
},
{
"db": "BID",
"id": "61560",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "27279",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "122637",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-80894",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-63214",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "BID",
"id": "61560"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "PACKETSTORM",
"id": "122637"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
]
},
"id": "VAR-202001-0885",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T11:59:01.059000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.vtiger.com/"
},
{
"title": "Vtiger CRM customerportal.php Multiple local files contain bug fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=109038"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.1
},
{
"problemtype": "injection (CWE-74) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86162"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/61560"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/27279"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3212"
},
{
"trust": 0.4,
"url": "http://www.vtiger.com/"
},
{
"trust": 0.1,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848"
},
{
"trust": 0.1,
"url": "http://www.vtiger.com/blogs/?p=1467"
},
{
"trust": 0.1,
"url": "http://karmainsecurity.com/kis-2013-05"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "BID",
"id": "61560"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "PACKETSTORM",
"id": "122637"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63214"
},
{
"db": "BID",
"id": "61560"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"db": "PACKETSTORM",
"id": "122637"
},
{
"db": "NVD",
"id": "CVE-2013-3212"
},
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-63214"
},
{
"date": "2013-08-01T00:00:00",
"db": "BID",
"id": "61560"
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"date": "2013-08-01T17:27:27",
"db": "PACKETSTORM",
"id": "122637"
},
{
"date": "2020-01-28T21:15:11.637000",
"db": "NVD",
"id": "CVE-2013-3212"
},
{
"date": "2013-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-63214"
},
{
"date": "2013-08-01T00:00:00",
"db": "BID",
"id": "61560"
},
{
"date": "2020-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007134"
},
{
"date": "2020-02-03T18:52:20.870000",
"db": "NVD",
"id": "CVE-2013-3212"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger\u00a0CRM\u00a0 Vulnerability in injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007134"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201308-011"
}
],
"trust": 0.6
}
}