[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

dst-admin 1.5.0 /home/masterConsole command elévation de privilèges

Une vulnérabilité classée critique a été trouvée dans dst-admin 1.5.0. Ceci affecte une fonction inconnue du fichier /home/masterConsole. A cause de la manipulation du paramètre command avec une valeur d'entrée inconnue mène à une vulnérabilité de classe elévation de privilèges. La notice d'information est disponible en téléchargement sur github.com. Cette vulnérabilité est identifiée comme CVE-2023-0648. L'attaque peut être initialisée à distance. Des details techniques sont connus. Il est déclaré comme proof-of-concept. L'exploit est disponible au téléchargment sur github.com.

4 Changements · 70 Points de données

DomaineÉtabli
02/02/2023 14:34		Update 1/3
02/02/2023 14:36		Update 2/3
01/03/2023 19:40		Update 3/3
01/03/2023 19:47
software_namedst-admindst-admindst-admindst-admin
software_version1.5.01.5.01.5.01.5.0
software_file/home/masterConsole/home/masterConsole/home/masterConsole/home/masterConsole
software_argumentcommandcommandcommandcommand
vulnerability_cweCWE-77 (elévation de privilèges)CWE-77 (elévation de privilèges)CWE-77 (elévation de privilèges)CWE-77 (elévation de privilèges)
vulnerability_risk2222
cvss3_vuldb_avNNNN
cvss3_vuldb_acLLLL
cvss3_vuldb_prLLLL
cvss3_vuldb_uiNNNN
cvss3_vuldb_sUUUU
cvss3_vuldb_cLLLL
cvss3_vuldb_iLLLL
cvss3_vuldb_aLLLL
cvss3_vuldb_ePPPP
cvss3_vuldb_rcRRRR
exploit_availability1111
exploit_publicity1111
source_cveCVE-2023-0648CVE-2023-0648CVE-2023-0648CVE-2023-0648
cna_responsibleVulDBVulDBVulDBVulDB
advisory_date1675292400 (02/02/2023)1675292400 (02/02/2023)1675292400 (02/02/2023)1675292400 (02/02/2023)
cvss2_vuldb_avNNNN
cvss2_vuldb_acLLLL
cvss2_vuldb_ciPPPP
cvss2_vuldb_iiPPPP
cvss2_vuldb_aiPPPP
cvss2_vuldb_ePOCPOCPOCPOC
cvss2_vuldb_rcURURURUR
cvss2_vuldb_auSSSS
cvss2_vuldb_rlNDNDNDND
cvss3_vuldb_rlXXXX
cvss2_vuldb_basescore6.56.56.56.5
cvss2_vuldb_tempscore5.65.65.65.6
cvss3_vuldb_basescore6.36.36.36.3
cvss3_vuldb_tempscore5.75.75.75.7
cvss3_meta_basescore6.36.36.36.7
cvss3_meta_tempscore5.75.75.76.5
price_0day$0-$5k$0-$5k$0-$5k$0-$5k
advisory_urlhttps://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8Chttps://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8Chttps://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C
exploit_urlhttps://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8Chttps://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8Chttps://github.com/Ha0Liu/cveAdd/tree/developer/dst-admin%201.5.0%E5%90%8E%E5%8F%B0masterConsole%E6%8E%A5%E5%8F%A3%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C
cve_assigned1675292400 (02/02/2023)1675292400 (02/02/2023)
cve_nvd_summaryA vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035.A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035.
cvss3_cna_basescore6.3
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iN
cvss3_nvd_aN
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auS
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prL
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore6.5
cvss3_nvd_basescore7.5

PrécédentAperçuSuivant

Interested in the pricing of exploits?

See the underground prices here!