Search criteria
6 vulnerabilities found for HAWKI by Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany
CVE-2024-25975 (GCVE-0-2024-25975)
Vulnerability from nvd – Published: 2024-05-29 13:13 – Updated: 2025-02-13 17:40
VLAI?
Title
Arbitrary File Overwrite
Summary
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal).
Severity ?
6.5 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany | HAWKI |
Affected:
versions before commit 146967f
(custom)
|
Credits
Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hawki:hawki:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hawki",
"vendor": "hawki",
"versions": [
{
"lessThan": "commit_146967f",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25975",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:19:41.943503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:49:52.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HAWKI",
"repo": "https://github.com/HAWK-Digital-Environments/HAWKI",
"vendor": "Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany",
"versions": [
{
"status": "affected",
"version": "versions before commit 146967f",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal).\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:10:16.276Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor provides a patch which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\"\u003ehttps://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The vendor provides a patch which can be downloaded from https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Overwrite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-25975",
"datePublished": "2024-05-29T13:13:14.625Z",
"dateReserved": "2024-02-13T09:28:28.809Z",
"dateUpdated": "2025-02-13T17:40:56.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25977 (GCVE-0-2024-25977)
Vulnerability from nvd – Published: 2024-05-29 12:31 – Updated: 2025-02-13 17:40
VLAI?
Title
Session Fixation
Summary
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.
Severity ?
7.3 (High)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany | HAWKI |
Affected:
versions before commit 146967f
(custom)
|
Credits
Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T20:39:14.016449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:27:49.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HAWKI",
"repo": "https://github.com/HAWK-Digital-Environments/HAWKI",
"vendor": "Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany",
"versions": [
{
"status": "affected",
"version": "versions before commit 146967f",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim\u0027s browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim\u0027s account being taken over.\u003c/p\u003e"
}
],
"value": "The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim\u0027s browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim\u0027s account being taken over."
}
],
"impacts": [
{
"capecId": "CAPEC-61",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-61 Session Fixation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:10:14.701Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor provides a patch which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\"\u003ehttps://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The vendor provides a patch which can be downloaded from https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Session Fixation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-25977",
"datePublished": "2024-05-29T12:31:29.973Z",
"dateReserved": "2024-02-13T09:28:28.810Z",
"dateUpdated": "2025-02-13T17:40:58.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25976 (GCVE-0-2024-25976)
Vulnerability from nvd – Published: 2024-05-29 12:22 – Updated: 2025-03-17 20:39
VLAI?
Title
Reflected Cross-Site-Scripting (XSS)
Summary
When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the content of "$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany | HAWKI |
Affected:
versions before commit 146967f
(custom)
|
Credits
Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25976",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T14:11:54.889111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T20:39:15.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HAWKI",
"repo": "https://github.com/HAWK-Digital-Environments/HAWKI",
"vendor": "Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany",
"versions": [
{
"status": "affected",
"version": "versions before commit 146967f",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim\u0027s browser. This is due to a fault in the file login.php where the content of \"$_SERVER[\u0027PHP_SELF\u0027]\" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue."
}
],
"value": "When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim\u0027s browser. This is due to a fault in the file login.php where the content of \"$_SERVER[\u0027PHP_SELF\u0027]\" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:10:17.894Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor provides a patch which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\"\u003ehttps://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The vendor provides a patch which can be downloaded from https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected Cross-Site-Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-25976",
"datePublished": "2024-05-29T12:22:46.526Z",
"dateReserved": "2024-02-13T09:28:28.810Z",
"dateUpdated": "2025-03-17T20:39:15.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25975 (GCVE-0-2024-25975)
Vulnerability from cvelistv5 – Published: 2024-05-29 13:13 – Updated: 2025-02-13 17:40
VLAI?
Title
Arbitrary File Overwrite
Summary
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal).
Severity ?
6.5 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany | HAWKI |
Affected:
versions before commit 146967f
(custom)
|
Credits
Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hawki:hawki:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hawki",
"vendor": "hawki",
"versions": [
{
"lessThan": "commit_146967f",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25975",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:19:41.943503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T14:49:52.060Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HAWKI",
"repo": "https://github.com/HAWK-Digital-Environments/HAWKI",
"vendor": "Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany",
"versions": [
{
"status": "affected",
"version": "versions before commit 146967f",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003c/p\u003e\u003cp\u003eThe application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal).\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:10:16.276Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor provides a patch which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\"\u003ehttps://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The vendor provides a patch which can be downloaded from https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Arbitrary File Overwrite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-25975",
"datePublished": "2024-05-29T13:13:14.625Z",
"dateReserved": "2024-02-13T09:28:28.809Z",
"dateUpdated": "2025-02-13T17:40:56.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25977 (GCVE-0-2024-25977)
Vulnerability from cvelistv5 – Published: 2024-05-29 12:31 – Updated: 2025-02-13 17:40
VLAI?
Title
Session Fixation
Summary
The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over.
Severity ?
7.3 (High)
CWE
- CWE-384 - Session Fixation
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany | HAWKI |
Affected:
versions before commit 146967f
(custom)
|
Credits
Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T20:39:14.016449Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:27:49.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HAWKI",
"repo": "https://github.com/HAWK-Digital-Environments/HAWKI",
"vendor": "Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany",
"versions": [
{
"status": "affected",
"version": "versions before commit 146967f",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim\u0027s browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim\u0027s account being taken over.\u003c/p\u003e"
}
],
"value": "The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim\u0027s browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim\u0027s account being taken over."
}
],
"impacts": [
{
"capecId": "CAPEC-61",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-61 Session Fixation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:10:14.701Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor provides a patch which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\"\u003ehttps://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The vendor provides a patch which can be downloaded from https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Session Fixation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-25977",
"datePublished": "2024-05-29T12:31:29.973Z",
"dateReserved": "2024-02-13T09:28:28.810Z",
"dateUpdated": "2025-02-13T17:40:58.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25976 (GCVE-0-2024-25976)
Vulnerability from cvelistv5 – Published: 2024-05-29 12:22 – Updated: 2025-03-17 20:39
VLAI?
Title
Reflected Cross-Site-Scripting (XSS)
Summary
When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the content of "$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany | HAWKI |
Affected:
versions before commit 146967f
(custom)
|
Credits
Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-25976",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T14:11:54.889111Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T20:39:15.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HAWKI",
"repo": "https://github.com/HAWK-Digital-Environments/HAWKI",
"vendor": "Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany",
"versions": [
{
"status": "affected",
"version": "versions before commit 146967f",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim\u0027s browser. This is due to a fault in the file login.php where the content of \"$_SERVER[\u0027PHP_SELF\u0027]\" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue."
}
],
"value": "When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim\u0027s browser. This is due to a fault in the file login.php where the content of \"$_SERVER[\u0027PHP_SELF\u0027]\" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:10:17.894Z",
"orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"shortName": "SEC-VLab"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://r.sec-consult.com/hawki"
},
{
"tags": [
"patch"
],
"url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
},
{
"url": "http://seclists.org/fulldisclosure/2024/May/34"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe vendor provides a patch which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\"\u003ehttps://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "The vendor provides a patch which can be downloaded from https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Reflected Cross-Site-Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"assignerShortName": "SEC-VLab",
"cveId": "CVE-2024-25976",
"datePublished": "2024-05-29T12:22:46.526Z",
"dateReserved": "2024-02-13T09:28:28.810Z",
"dateUpdated": "2025-03-17T20:39:15.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}