CVE-2019-11354

🗓️ 19 Apr 2019 21:29:05Reported by mitreType

cve🔗 web.nvd.nist.gov👁 125 Views🌐 WEB

The client in EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler

Reporter	Title	Published	Views	Family All 13
0day.today	EA Origin < 10.5.38 - Remote Code Execution Vulnerability	22 Jun 201900:00	–	zdt
0day.today	dotProject 2.1.9 - SQL Injection Vulnerability	26 Jun 201900:00	–	zdt
Check Point Advisories	Electronic Arts Origin Client Remote Code Injection (CVE-2019-11354)	5 Mar 202000:00	–	checkpoint_advisories
Cvelist	CVE-2019-11354	19 Apr 201921:29	–	cvelist
exploitpack	EA Origin 10.5.38 - Remote Code Execution	21 Jun 201900:00	–	exploitpack
myhack58	Talking about the URI Schemes of use-vulnerability warning-the black bar safety net	28 May 201900:00	–	myhack58
NVD	CVE-2019-11354	19 Apr 201922:29	–	nvd
OSV	CVE-2019-11354	19 Apr 201922:29	–	osv
Packet Storm	dotProject 2.1.9 SQL Injection	24 Jun 201900:00	–	packetstorm
Packet Storm	EA Origin Remote Code Execution	21 Jun 201900:00	–	packetstorm

NVD

Node

ea originMatch10.5.36windows

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/153485/EA-Origin-Template-Injection-Remote-Code-Execution.html
golem	www.golem.de/news/sicherheitsluecke-ea-origin-fuehrte-schadcode-per-link-aus-1904-140738.html
pcmag	www.pcmag.com/news/367801/security-flaw-allowed-any-app-to-run-using-eas-origin-clien
trustedreviews	www.trustedreviews.com/news/time-update-origin-eas-game-client-security-risk-just-installed-3697942
thesun	www.thesun.co.uk/tech/8877334/sims-4-battlefield-fifa-origin-hackers/
vg247	www.vg247.com/2019/04/17/ea-origin-security-flaw-run-malicious-code-fixed/
gizmodo	www.gizmodo.com/ea-origin-users-update-your-client-now-1834079604
techradar	www.techradar.com/news/major-security-flaw-found-in-ea-origin-gaming-client
gamasutra	www.gamasutra.com/view/news/340907/A_nowfixed_Origin_vulnerability_potentially_opened_the_client_to_hackers.php
blog	www.blog.underdogsecurity.com/rce_in_origin_client/

Parameter	Position	Path	Description	CWE
title	path	origin2://game/launch	Template injection vulnerability in Origin2 URI handler enabling potential RCE via crafted title/offerIds parameters	CWE-74
offerIds	path	origin2://game/launch	Template injection vulnerability in Origin2 URI handler enabling potential RCE via crafted title/offerIds parameters	CWE-74
title	query param	origin://game/launch/?offerIds=0&title={{7*7}}	Angular template injection via origin URI parameters to trigger code execution pathways	CWE-74
offerIds	query param	origin://game/launch/?offerIds=0&title={{7*7}}	Angular template injection via origin URI parameters to trigger code execution pathways	CWE-74
dosql	request body	dotProject-2.1.9/index.php?m=calendar	SQL injection PoC in calendar POST endpoint (event_id and dosql parameters)	CWE-74
event_id	request body	dotProject-2.1.9/index.php?m=calendar	SQL injection PoC in calendar POST endpoint (event_id and dosql parameters)	CWE-74
event_project	request body	dotProject-2.1.9/index.php?m=calendar	SQL injection PoC in calendar POST endpoint (event_id and dosql parameters)	CWE-74
event_title	request body	dotProject-2.1.9/index.php?m=calendar	SQL injection PoC in calendar POST endpoint (event_id and dosql parameters)	CWE-74
event_description	request body	dotProject-2.1.9/index.php?m=calendar	SQL injection PoC in calendar POST endpoint (event_id and dosql parameters)	CWE-74
event_start_date	request body	dotProject-2.1.9/index.php?m=calendar	SQL injection PoC in calendar POST endpoint (event_id and dosql parameters)	CWE-74

21 Nov 2024 04:20Current

8.2High risk

Vulners AI Score8.2

CVSS 26.8

CVSS 3.17.8

EPSS0.40735

CWE-74