DATABASE RESOURCES PRICING ABOUT US

{"id": "PACKETSTORM:163083", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Zenario CMS 8.8.52729 SQL Injection", "description": "", "published": "2021-06-11T00:00:00", "modified": "2021-06-11T00:00:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "https://packetstormsecurity.com/files/163083/Zenario-CMS-8.8.52729-SQL-Injection.html", "reporter": "Avinash R", "references": [], "cvelist": ["CVE-2021-27673"], "immutableFields": [], "lastseen": "2021-06-11T16:45:41", "viewCount": 68, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-27673"]}, {"type": "github", "idList": ["GHSA-8HCM-JJ4X-4GMR"]}], "rev": 4}, "score": {"value": 6.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-27673"]}, {"type": "github", "idList": ["GHSA-8HCM-JJ4X-4GMR"]}]}, "exploitation": null, "vulnersScore": 6.2}, "sourceHref": "https://packetstormsecurity.com/files/download/163083/zenariocms8852729-sql.txt", "sourceData": "`# Exploit Title: Zenario CMS 8.8.52729 - 'cID' Blind & Error based SQL injection (Authenticated) \n# Date: 05\u201302\u20132021 \n# Exploit Author: Avinash R \n# Vendor Homepage: https://zenar.io/ \n# Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 \n# Version: 8.8.52729 \n# Tested on: Windows 10 Pro (No OS restrictions) \n# CVE : CVE-2021\u201327673 \n# Reference: https://deadsh0t.medium.com/blind-error-based-authenticated-sql-injection-on-zenario-8-8-52729-cms-d4705534df38 \n \n##### Step To Reproduce ##### \n \n1) Login to the admin page of Zenario CMS with admin credentials, which is \nhttp://server_ip/zenario/admin.php \n \n2) Click on, New \u2192 HTML page to create a new sample page and intercept it \nwith your interceptor. \n \n3) Just a single quote on the 'cID' parameter will confirm the SQL \ninjection. \n \n4) After confirming that the 'cID' parameter is vulnerable to SQL \ninjection, feeding the request to SQLMAP will do the rest of the work for \nyou. \n \n############ End ############ \n`\n", "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645995226}}

{"osv": [{"lastseen": "2022-05-30T14:03:33", "description": "Cross Site Scripting (XSS) in the \"admin_boxes.ajax.php\" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the \"cID\" parameter when creating a new HTML component.", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-06-08T20:11:40", "type": "osv", "title": "Cross-site scripting in tribalsystems/zenario", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27673"], "modified": "2022-05-26T20:39:25", "id": "OSV:GHSA-8HCM-JJ4X-4GMR", "href": "https://osv.dev/vulnerability/GHSA-8hcm-jj4x-4gmr", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "github": [{"lastseen": "2022-05-30T15:31:02", "description": "Cross Site Scripting (XSS) in the \"admin_boxes.ajax.php\" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the \"cID\" parameter when creating a new HTML component.", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-06-08T20:11:40", "type": "github", "title": "Cross-site scripting in tribalsystems/zenario", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27673"], "modified": "2022-05-26T20:39:25", "id": "GHSA-8HCM-JJ4X-4GMR", "href": "https://github.com/advisories/GHSA-8hcm-jj4x-4gmr", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-05-24T00:48:56", "description": "Cross Site Scripting (XSS) in the \"admin_boxes.ajax.php\" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the \"cID\" parameter when creating a new HTML component.", "cvss3": {"exploitabilityScore": 1.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-04-15T14:15:00", "type": "cve", "title": "CVE-2021-27673", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27673"], "modified": "2022-05-23T22:42:00", "cpe": ["cpe:/a:tribalsystems:zenario:8.8.52729"], "id": "CVE-2021-27673", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27673", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:tribalsystems:zenario:8.8.52729:*:*:*:*:*:*:*"]}]}