Vulnerability-Lookup

CNVD-2019-21120

Vulnerability from cnvd - Published: 2019-07-04

Title

PHP Scripts Mall Advance Peer to Peer MLM Script访问控制错误漏洞

Description

PHP Scripts Mall Advance Peer to Peer MLM Script是印度PHP Scripts Mall公司的一套在线MLM（多层次传销）系统。Admin Panel是其中的一个管理面板。 PHP Scripts Mall Advance Peer to Peer MLM Script 1.7.0版本中的Admin Panel存在访问控制错误漏洞，远程攻击者可通过直接导航到admin/dashboard.php或admin/user.php文件利用该漏洞绕过访问限制。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.phpscriptsmall.com/

Reference

https://www.phpscriptsmall.com/

Impacted products

Name
PHP Scripts Mall Advance Peer to Peer MLM Script 1.7.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6126",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6126"
    }
  },
  "description": "PHP Scripts Mall Advance Peer to Peer MLM Script\u662f\u5370\u5ea6PHP Scripts Mall\u516c\u53f8\u7684\u4e00\u5957\u5728\u7ebfMLM\uff08\u591a\u5c42\u6b21\u4f20\u9500\uff09\u7cfb\u7edf\u3002Admin Panel\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7ba1\u7406\u9762\u677f\u3002\n\nPHP Scripts Mall Advance Peer to Peer MLM Script 1.7.0\u7248\u672c\u4e2d\u7684Admin Panel\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u76f4\u63a5\u5bfc\u822a\u5230admin/dashboard.php\u6216admin/user.php\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u9650\u5236\u3002",
  "discovererName": "Mad-robot",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.phpscriptsmall.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-21120",
  "openTime": "2019-07-04",
  "products": {
    "product": "PHP Scripts Mall Advance Peer to Peer MLM Script 1.7.0"
  },
  "referenceLink": "https://www.phpscriptsmall.com/",
  "serverity": "\u4e2d",
  "submitTime": "2019-01-14",
  "title": "PHP Scripts Mall Advance Peer to Peer MLM Script\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

CVE-2019-6126 (GCVE-0-2019-6126)

Vulnerability from cvelistv5 – Published: 2019-01-11 05:00 – Updated: 2024-08-04 20:16

Summary

The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

1 reference

URL	Tags
https://github.com/Mad-robot/CVE-List/blob/master…	x_refsource_MISC

Date Public

2019-01-10 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:24.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Mad-robot/CVE-List/blob/master/Advance%20Peer%20to%20Peer%20MLM%20Script.md"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-11T04:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Mad-robot/CVE-List/blob/master/Advance%20Peer%20to%20Peer%20MLM%20Script.md"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-6126",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers to bypass intended access restrictions by directly navigating to admin/dashboard.php or admin/user.php, as demonstrated by disclosure of information about users and staff."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Mad-robot/CVE-List/blob/master/Advance%20Peer%20to%20Peer%20MLM%20Script.md",
              "refsource": "MISC",
              "url": "https://github.com/Mad-robot/CVE-List/blob/master/Advance%20Peer%20to%20Peer%20MLM%20Script.md"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-6126",
    "datePublished": "2019-01-11T05:00:00.000Z",
    "dateReserved": "2019-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:16:24.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-21120

CVE-2019-6126 (GCVE-0-2019-6126)

Tags

Sightings

Nomenclature