Vulnerability Center: 14526 - SQLiteManager 1. Nessus Name: SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion. Active APT Groups: Countermeasures info Recommended: no mitigation known Entries connected to this vulnerability are available at 458, 992, 14. The vulnerability is also documented in the databases at X-Force (32693), Vulnerability Center (SBV-14526) and Tenable (24726). It may be suggested to replace the affected object with an alternative product. There is no information about possible countermeasures known. Description The remote host is running SQLiteManager, a web-based application for managing SQLite databases. The vulnerability scanner Nessus provides a plugin with the ID 24726 (SQLiteManager SQLiteManager_currentTheme Cookie Traversal Local File Inclusion), which helps to determine the existence of the flaw in a target environment. SQLiteManager include/ SQLiteManagercurrentTheme Cookie Local File Inclusion high Nessus Network Monitor Plugin ID 3925 Synopsis The remote web server contains a PHP script that is susceptible to a local file inclusion attack. This vulnerability is assigned to T1505 by the MITRE ATT&CK project. Technical details are unknown but an exploit is available. No form of authentication is required for exploitation. The exploitation is known to be difficult. This vulnerability is handled as CVE-2007-1232 since. The weakness was released by Simon Bonnard (Website). ments to expose vulnerabilities of private browsing against local and remote. (dot dot) in a SQLiteManager_currentTheme cookie. His research interests include usable security, web security and risk and. CVE summarizes: Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a. An attacker might be able to inject and/or alter existing SQL statements which would influence the database exchange. Impacted is confidentiality, integrity, and availability.
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Using CWE to declare the problem leads to CWE-89. The manipulation with an unknown input leads to a sql injection vulnerability. Affected by this issue is some unknown functionality. A high score indicates an elevated risk to be targeted for this vulnerability. A vulnerability was found in SQLiteManager 1.2.0 and classified as critical. Server-side languages such as Java, PHP, ASP.NET: the presence of these languages is visible through their page extensions. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. In detecting Local File Inclusion, these indicators are: 1. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.