Описание
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.
Ссылки
- Broken Link
- Permissions RequiredThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Broken Link
- Permissions RequiredThird Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
7.3 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.
Уязвимость сценария /index.php?c=api интерфейса программы управления закладками OneNav, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
7.3 High
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2