datetime subject id link
2023-03-11 01:00:05.213381 (GitHub, XSS) CVE-2023-1315 https://cve.report/CVE-2023-1315
2023-03-11 01:00:05.213668 (XSS) CVE-2022-48111 https://cve.report/CVE-2022-48111
2023-03-11 02:00:04.116962 (File Upload) CVE-2023-27164 https://cve.report/CVE-2023-27164
2023-03-11 02:00:04.117348 (PHP, SQL injection, Critical) CVE-2023-1322 https://cve.report/CVE-2023-1322
2023-03-11 02:00:04.117639 (PHP, SQL injection, Critical) CVE-2023-1321 https://cve.report/CVE-2023-1321
2023-03-11 02:00:04.117972 (GitHub, XSS) CVE-2023-1320 https://cve.report/CVE-2023-1320
2023-03-11 02:00:04.118223 (GitHub, XSS) CVE-2023-1319 https://cve.report/CVE-2023-1319
2023-03-11 02:00:04.118457 (GitHub, XSS) CVE-2023-1318 https://cve.report/CVE-2023-1318
2023-03-11 02:00:04.118736 (GitHub, XSS) CVE-2023-1317 https://cve.report/CVE-2023-1317
2023-03-11 02:00:04.119016 (GitHub, XSS) CVE-2023-1316 https://cve.report/CVE-2023-1316
2023-03-11 06:00:04.201341 (WordPress) CVE-2023-1346 https://cve.report/CVE-2023-1346
2023-03-11 06:00:04.201828 (WordPress) CVE-2023-1345 https://cve.report/CVE-2023-1345
2023-03-11 06:00:04.202139 (WordPress) CVE-2023-1344 https://cve.report/CVE-2023-1344
2023-03-11 06:00:04.202463 (WordPress) CVE-2023-1343 https://cve.report/CVE-2023-1343
2023-03-11 06:00:04.213882 (WordPress) CVE-2023-1342 https://cve.report/CVE-2023-1342
2023-03-11 06:00:04.214260 (WordPress) CVE-2023-1341 https://cve.report/CVE-2023-1341
2023-03-11 06:00:04.214561 (WordPress) CVE-2023-1340 https://cve.report/CVE-2023-1340
2023-03-11 06:00:04.214903 (WordPress) CVE-2023-1339 https://cve.report/CVE-2023-1339
2023-03-11 06:00:04.215193 (WordPress) CVE-2023-1338 https://cve.report/CVE-2023-1338
2023-03-11 06:00:04.215469 (WordPress) CVE-2023-1337 https://cve.report/CVE-2023-1337
2023-03-11 06:00:04.215806 (WordPress) CVE-2023-1336 https://cve.report/CVE-2023-1336
2023-03-11 06:00:04.216097 (WordPress) CVE-2023-1335 https://cve.report/CVE-2023-1335
2023-03-11 06:00:04.216366 (WordPress) CVE-2023-1334 https://cve.report/CVE-2023-1334
2023-03-11 06:00:04.216636 (WordPress) CVE-2023-1333 https://cve.report/CVE-2023-1333
2023-03-11 07:00:05.203509 (Jenkins, XSS) CVE-2023-27905 https://cve.report/CVE-2023-27905
2023-03-11 07:00:05.203883 (Jenkins) CVE-2023-27904 https://cve.report/CVE-2023-27904
2023-03-11 07:00:05.204199 (Jenkins) CVE-2023-27903 https://cve.report/CVE-2023-27903
2023-03-11 07:00:05.204479 (Jenkins) CVE-2023-27902 https://cve.report/CVE-2023-27902
2023-03-11 07:00:05.204829 (Jenkins, Apache Commons FileUpload) CVE-2023-27901 https://cve.report/CVE-2023-27901
2023-03-11 07:00:05.205202 (Jenkins, Apache Commons FileUpload) CVE-2023-27900 https://cve.report/CVE-2023-27900
2023-03-11 07:00:05.205504 (Jenkins) CVE-2023-27899 https://cve.report/CVE-2023-27899
2023-03-11 07:00:05.205889 (Jenkins, XSS) CVE-2023-27898 https://cve.report/CVE-2023-27898
2023-03-11 07:00:05.206898 (Remote Code Execution) CVE-2023-25143 https://cve.report/CVE-2023-25143
2023-03-11 07:00:05.207465 (SQL injection) CVE-2023-1198 https://cve.report/CVE-2023-1198
2023-03-11 08:00:06.123215 (PHP, File Upload) CVE-2023-23328 https://cve.report/CVE-2023-23328
2023-03-11 08:00:06.123768 (XSS) CVE-2023-23326 https://cve.report/CVE-2023-23326
2023-03-11 19:00:04.505535 (Command Injection, Critical) CVE-2023-1350 https://cve.report/CVE-2023-1350
2023-03-11 19:00:04.505941 (PHP) CVE-2023-1349 https://cve.report/CVE-2023-1349
2023-03-11 22:00:04.323025 (PHP, SQL injection, Critical) CVE-2023-1351 https://cve.report/CVE-2023-1351

ref

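Background

  • A reflected Cross-site Scripting (XSS) vulnerability was found in a GitHub-hosted project
  • The vulnerability was found in pimcore v10.5.19 and earlier

Analysis

  • pimcore is vulnerable to reflected XSS in the From and To fields when searching in the Application Logger module
  • Test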
"><img src=x onerror=alert(document.domain);>
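
Why the test string above breaks out of a reflected field, and what a fix has to do, shown as an added example that is not pimcore's code or its actual patch. The render functions, the `from`/`to` parameter names and the YYYY-MM-DD date format are assumptions made for illustration.

```javascript
// Added example: generic model of a reflected search field, not pimcore's code.
// renderVulnerable, renderHardened and parseDateParam are hypothetical names.

// HTML-encode the characters that matter in element and attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Accept only YYYY-MM-DD (assumed format) that is a real calendar date.
function parseDateParam(raw) {
  if (typeof raw !== 'string') return null;
  const m = /^(\d{4})-(\d{2})-(\d{2})$/.exec(raw);
  if (!m) return null;
  const [y, mo, d] = [Number(m[1]), Number(m[2]), Number(m[3])];
  const dt = new Date(Date.UTC(y, mo - 1, d));
  const ok = dt.getUTCFullYear() === y && dt.getUTCMonth() === mo - 1 &&
             dt.getUTCDate() === d;
  return ok ? raw : null;
}

// Vulnerable: the request value is concatenated into an attribute unencoded.
function renderVulnerable(params) {
  return `<input name="from" value="${params.from}">` +
         `<input name="to" value="${params.to}">`;
}

// Hardened: validate as a date, then encode on output anyway.
function renderHardened(params) {
  const from = parseDateParam(params.from) ?? '';
  const to = parseDateParam(params.to) ?? '';
  return `<input name="from" value="${escapeHtml(from)}">` +
         `<input name="to" value="${escapeHtml(to)}">`;
}

// Crude demo check: more tags than the two inputs means a value escaped
// its attribute and was parsed as markup.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// The page's test string plus a constructed legitimate date.
const PAGE_TEST = '"><img src=x onerror=alert(document.domain);>';
const sample = { from: PAGE_TEST, to: '2023-03-11' };
console.log(renderVulnerable(sample)); // three tags: the value became markup
console.log(renderHardened(sample));   // two tags: invalid date dropped
```

Validation alone would stop this input, but encoding at the output is what keeps the field safe if the accepted format is later loosened.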

How to patch

  • Update
    • Update to a version higher than v10.5.19
datetime subject id link
2023-03-10 01:00:03.115675 (PHP, SQL injection, Critical) CVE-2023-1294 https://cve.report/CVE-2023-1294
2023-03-10 01:00:03.116089 (MySQL, PHP, SQL injection, Critical) CVE-2023-1293 https://cve.report/CVE-2023-1293
2023-03-10 01:00:03.116470 (PHP, SQL injection, Critical) CVE-2023-1292 https://cve.report/CVE-2023-1292
2023-03-10 01:00:03.116760 (PHP, SQL injection, Critical) CVE-2023-1291 https://cve.report/CVE-2023-1291
2023-03-10 01:00:03.117123 (PHP, SQL injection, Critical) CVE-2023-1290 https://cve.report/CVE-2023-1290
2023-03-10 03:00:04.418983 (XXE) CVE-2023-1288 https://cve.report/CVE-2023-1288
2023-03-10 03:00:04.419198 (Remote Code Execution) CVE-2023-1287 https://cve.report/CVE-2023-1287
2023-03-10 07:00:06.313313 (Remote Attack) CVE-2023-20049 https://cve.report/CVE-2023-20049
2023-03-10 07:00:06.314251 (Kubernetes) CVE-2023-27484 https://cve.report/CVE-2023-27484
2023-03-10 07:00:06.314645 (Kubernetes) CVE-2023-27483 https://cve.report/CVE-2023-27483
2023-03-10 07:00:06.314962 (PHP, SQL injection) CVE-2023-27214 https://cve.report/CVE-2023-27214
2023-03-10 07:00:06.315320 (PHP, SQL injection) CVE-2023-27213 https://cve.report/CVE-2023-27213
2023-03-10 07:00:06.315536 (PHP, XSS) CVE-2023-27212 https://cve.report/CVE-2023-27212
2023-03-10 07:00:06.315780 (PHP, XSS) CVE-2023-27211 https://cve.report/CVE-2023-27211
2023-03-10 07:00:06.316071 (PHP, SQL injection) CVE-2023-27210 https://cve.report/CVE-2023-27210
2023-03-10 07:00:06.316441 (PHP, XSS) CVE-2023-27208 https://cve.report/CVE-2023-27208
2023-03-10 07:00:06.316635 (PHP, SQL injection) CVE-2023-27207 https://cve.report/CVE-2023-27207
2023-03-10 07:00:06.316963 (PHP, XSS) CVE-2023-27206 https://cve.report/CVE-2023-27206
2023-03-10 07:00:06.317316 (PHP, SQL injection) CVE-2023-27205 https://cve.report/CVE-2023-27205
2023-03-10 07:00:06.317523 (PHP, SQL injection) CVE-2023-27204 https://cve.report/CVE-2023-27204
2023-03-10 07:00:06.317780 (PHP, SQL injection) CVE-2023-27203 https://cve.report/CVE-2023-27203
2023-03-10 07:00:06.318058 (PHP, SQL injection) CVE-2023-27202 https://cve.report/CVE-2023-27202
2023-03-10 08:00:07.510890 (PHP, Critical) CVE-2023-1303 https://cve.report/CVE-2023-1303
2023-03-10 08:00:07.511289 (PHP) CVE-2023-1302 https://cve.report/CVE-2023-1302
2023-03-10 08:00:07.511584 (PHP, SQL injection, Critical) CVE-2023-1301 https://cve.report/CVE-2023-1301
2023-03-10 08:00:07.511907 (PHP, SQL injection, Critical) CVE-2023-1300 https://cve.report/CVE-2023-1300
2023-03-10 08:00:07.512556 (XSS) CVE-2023-0050 https://cve.report/CVE-2023-0050
2023-03-10 11:00:04.618899 (GitHub) CVE-2023-1307 https://cve.report/CVE-2023-1307
2023-03-10 18:00:04.720245 (PHP, SQL injection, Critical) CVE-2023-1311 https://cve.report/CVE-2023-1311
2023-03-10 18:00:04.720543 (PHP, SQL injection, Critical) CVE-2023-1310 https://cve.report/CVE-2023-1310
2023-03-10 18:00:04.720857 (PHP, SQL injection, Critical) CVE-2023-1309 https://cve.report/CVE-2023-1309
2023-03-10 18:00:04.721165 (PHP, SQL injection, Critical) CVE-2023-1308 https://cve.report/CVE-2023-1308
2023-03-10 18:00:04.721421 (SQL injection) CVE-2023-1091 https://cve.report/CVE-2023-1091
2023-03-10 20:00:08.209186 (GitHub, XSS) CVE-2023-1312 https://cve.report/CVE-2023-1312
2023-03-10 21:00:04.723760 (GitHub) CVE-2023-1313 https://cve.report/CVE-2023-1313
2023-03-10 21:00:04.724142 (Remote Attack) CVE-2023-22301 https://cve.report/CVE-2023-22301
2023-03-10 23:00:04.506170 (PHP, SQL injection) CVE-2023-24774 https://cve.report/CVE-2023-24774