CVE-2024-0412 - Vulnerability Details - OpenCVE

A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Csdeshang	Dsshop

Configuration 1 [-]

OR	cpe:2.3:a:csdeshang:dsshop:3.0:::::::*
	cpe:2.3:a:csdeshang:dsshop:3.1.0:::::::*

No data.

References

Link	Providers
https://note.zhaoj.in/share/Q56cf5nN9RzF
https://vuldb.com/?ctiid.250432
https://vuldb.com/?id.250432

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-01-11T16:31:05.773Z

Updated: 2024-08-01T18:04:49.699Z

Reserved: 2024-01-11T10:22:47.376Z

Link: CVE-2024-0412

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-11T17:15:08.843

Modified: 2024-11-21T08:46:31.817

Link: CVE-2024-0412

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-0412", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-01-11T10:22:47.376Z", "datePublished": "2024-01-11T16:31:05.773Z", "dateUpdated": "2024-08-01T18:04:49.699Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-09T19:09:41.147Z"}, "title": "DeShang DSShop HTTP GET Request install.php access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Controls"}]}], "affected": [{"vendor": "DeShang", "product": "DSShop", "versions": [{"version": "3.0", "status": "affected"}, {"version": "3.1", "status": "affected"}], "modules": ["HTTP GET Request Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432."}, {"lang": "de", "value": "In DeShang DSShop bis 3.1.0 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei public/install.php der Komponente HTTP GET Request Handler. Mittels Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-01-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-01-11T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2024-01-11T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-01-30T12:35:44.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "glzjin (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.250432", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.250432", "tags": ["signature", "permissions-required"]}, {"url": "https://note.zhaoj.in/share/Q56cf5nN9RzF", "tags": ["broken-link", "exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:04:49.699Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.250432", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.250432", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://note.zhaoj.in/share/Q56cf5nN9RzF", "tags": ["broken-link", "exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:csdeshang:dsshop:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDA7CDD3-CA8A-44D7-AA3E-D1FE4D5471E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:csdeshang:dsshop:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EC91B69-2B20-40C6-80EF-00AD1469A5C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en DeShang DSShop hasta 3.1.0. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo public/install.php del componente HTTP GET Request Handler. La manipulaci\u00f3n conduce a controles de acceso inadecuados. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250432."}], "id": "CVE-2024-0412", "lastModified": "2024-11-21T08:46:31.817", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-11T17:15:08.843", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://note.zhaoj.in/share/Q56cf5nN9RzF"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.250432"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.250432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://note.zhaoj.in/share/Q56cf5nN9RzF"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.250432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.250432"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Secondary"}]}