Vulnerabilites related to montala - resourcespace
cve-2021-41950
Vulnerability from cvelistv5
Published
2021-11-15 15:52
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users.
References
| ▼ | URL | Tags |
|---|---|---|
| http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php | x_refsource_MISC | |
| https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-15T15:52:56",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php",
"refsource": "MISC",
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php"
},
{
"name": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/",
"refsource": "MISC",
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41950",
"datePublished": "2021-11-15T15:52:56",
"dateReserved": "2021-10-04T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41951
Vulnerability from cvelistv5
Published
2021-11-15 15:27
Modified
2024-08-04 03:22
Severity ?
EPSS score ?
Summary
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:22:25.759Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-15T15:27:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/",
"refsource": "MISC",
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41951",
"datePublished": "2021-11-15T15:27:22",
"dateReserved": "2021-10-04T00:00:00",
"dateUpdated": "2024-08-04T03:22:25.759Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-6915
Vulnerability from cvelistv5
Published
2015-09-11 16:00
Modified
2024-09-17 00:51
Severity ?
EPSS score ?
Summary
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/133297/ResourceSpace-CMS-7.3.7009-SQL-Injection.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:36:35.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/133297/ResourceSpace-CMS-7.3.7009-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the \"user\" cookie to plugins/feedback/pages/feedback.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-09-11T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/133297/ResourceSpace-CMS-7.3.7009-SQL-Injection.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the \"user\" cookie to plugins/feedback/pages/feedback.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133297/ResourceSpace-CMS-7.3.7009-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133297/ResourceSpace-CMS-7.3.7009-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6915",
"datePublished": "2015-09-11T16:00:00Z",
"dateReserved": "2015-09-11T00:00:00Z",
"dateUpdated": "2024-09-17T00:51:29.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-31260
Vulnerability from cvelistv5
Published
2022-07-17 19:57
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.resourcespace.com | x_refsource_MISC | |
| https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.resourcespace.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-17T19:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.resourcespace.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.resourcespace.com",
"refsource": "MISC",
"url": "https://www.resourcespace.com"
},
{
"name": "https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md",
"refsource": "MISC",
"url": "https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31260",
"datePublished": "2022-07-17T19:57:00",
"dateReserved": "2022-05-21T00:00:00",
"dateUpdated": "2024-08-03T07:11:39.898Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-41765
Vulnerability from cvelistv5
Published
2021-11-15 15:52
Modified
2024-08-04 03:15
Severity ?
EPSS score ?
Summary
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php | x_refsource_MISC | |
| https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 \u003c rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-15T15:52:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 \u003c rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php",
"refsource": "MISC",
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php"
},
{
"name": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/",
"refsource": "MISC",
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41765",
"datePublished": "2021-11-15T15:52:25",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3648
Vulnerability from cvelistv5
Published
2015-06-09 14:00
Modified
2024-08-06 05:47
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.htbridge.com/advisory/HTB23258 | x_refsource_MISC | |
| http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html | x_refsource_MISC | |
| http://www.securityfocus.com/archive/1/535669/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/75019 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23258"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html"
},
{
"name": "20150603 Local PHP File Inclusion in ResourceSpace",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/535669/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.montala.com/websvn/revision.php?repname=ResourceSpace\u0026path=%2F\u0026rev=6640\u0026peg=6738"
},
{
"name": "75019",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-06-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23258"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html"
},
{
"name": "20150603 Local PHP File Inclusion in ResourceSpace",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/535669/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.montala.com/websvn/revision.php?repname=ResourceSpace\u0026path=%2F\u0026rev=6640\u0026peg=6738"
},
{
"name": "75019",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23258",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23258"
},
{
"name": "http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html"
},
{
"name": "20150603 Local PHP File Inclusion in ResourceSpace",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535669/100/0/threaded"
},
{
"name": "http://svn.montala.com/websvn/revision.php?repname=ResourceSpace\u0026path=%2F\u0026rev=6640\u0026peg=6738",
"refsource": "CONFIRM",
"url": "http://svn.montala.com/websvn/revision.php?repname=ResourceSpace\u0026path=%2F\u0026rev=6640\u0026peg=6738"
},
{
"name": "75019",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3648",
"datePublished": "2015-06-09T14:00:00",
"dateReserved": "2015-05-06T00:00:00",
"dateUpdated": "2024-08-06T05:47:57.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4311
Vulnerability from cvelistv5
Published
2011-11-19 02:00
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://openwall.com/lists/oss-security/2011/11/14/3 | mailing-list, x_refsource_MLIST | |
| http://www.resourcespace.org/download.php | x_refsource_CONFIRM | |
| http://openwall.com/lists/oss-security/2011/11/13/2 | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:51.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20111114 Re: CVE request: ResourceSpace before 4.2.2833 insufficient access check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/11/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.resourcespace.org/download.php"
},
{
"name": "[oss-security] 20111113 CVE request: ResourceSpace before 4.2.2833 insufficient access check",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/11/13/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-19T02:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20111114 Re: CVE request: ResourceSpace before 4.2.2833 insufficient access check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/11/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.resourcespace.org/download.php"
},
{
"name": "[oss-security] 20111113 CVE request: ResourceSpace before 4.2.2833 insufficient access check",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/11/13/2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111114 Re: CVE request: ResourceSpace before 4.2.2833 insufficient access check",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/11/14/3"
},
{
"name": "http://www.resourcespace.org/download.php",
"refsource": "CONFIRM",
"url": "http://www.resourcespace.org/download.php"
},
{
"name": "[oss-security] 20111113 CVE request: ResourceSpace before 4.2.2833 insufficient access check",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/11/13/2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4311",
"datePublished": "2011-11-19T02:00:00Z",
"dateReserved": "2011-11-04T00:00:00Z",
"dateUpdated": "2024-09-16T17:33:42.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-11-19 03:58
Modified
2024-11-21 01:32
Severity ?
Summary
ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| montala | resourcespace | * | |
| montala | resourcespace | 2.2.1240 | |
| montala | resourcespace | 2.3.1374 | |
| montala | resourcespace | 3.0.1490 | |
| montala | resourcespace | 3.1.1557 | |
| montala | resourcespace | 3.2.1651 | |
| montala | resourcespace | 3.3.1723 | |
| montala | resourcespace | 3.4.1794 | |
| montala | resourcespace | 3.5.1857 | |
| montala | resourcespace | 3.6.2022 | |
| montala | resourcespace | 3.7.2088 | |
| montala | resourcespace | 3.8.2144 | |
| montala | resourcespace | 3.9.2269 | |
| montala | resourcespace | 4.0.2429 | |
| montala | resourcespace | 4.1.2567 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C38AE3CB-68EB-4912-A511-4A63E8E5A4A0",
"versionEndIncluding": "4.2.2816",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:2.2.1240:*:*:*:*:*:*:*",
"matchCriteriaId": "52AD45F5-445F-4FCB-956A-4CF9D5F40F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:2.3.1374:*:*:*:*:*:*:*",
"matchCriteriaId": "957E93D7-8A99-4833-ACCF-B962F5230521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.0.1490:*:*:*:*:*:*:*",
"matchCriteriaId": "F31881B6-CDE6-4FD1-B478-9E68D12EF7ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.1.1557:*:*:*:*:*:*:*",
"matchCriteriaId": "D941F016-7159-40F1-9766-DD35BDAFF845",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.2.1651:*:*:*:*:*:*:*",
"matchCriteriaId": "94250016-6E5E-4E19-BD3C-582A0C4635DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.3.1723:*:*:*:*:*:*:*",
"matchCriteriaId": "758FD1C3-386A-4023-9071-4D586B5CE101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.4.1794:*:*:*:*:*:*:*",
"matchCriteriaId": "17D3EE93-8486-4160-9D48-AE5B59BA4249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.5.1857:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAB3221-8A15-4C92-A43E-9122F067E9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.6.2022:*:*:*:*:*:*:*",
"matchCriteriaId": "2450ACA2-D216-4AF1-9578-D602D4901AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.7.2088:*:*:*:*:*:*:*",
"matchCriteriaId": "2C86694B-12A0-4AA8-899D-F0990EA8C9B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.8.2144:*:*:*:*:*:*:*",
"matchCriteriaId": "638866F8-C485-4927-8034-1944779392AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:3.9.2269:*:*:*:*:*:*:*",
"matchCriteriaId": "60685610-36EC-4388-904C-506A003C819A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:4.0.2429:*:*:*:*:*:*:*",
"matchCriteriaId": "21AD3E99-4807-4568-B68F-A56B3B18547C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:4.1.2567:*:*:*:*:*:*:*",
"matchCriteriaId": "80269ABE-3407-46AF-A76B-C15893D08073",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors."
},
{
"lang": "es",
"value": "ResourceSpace antes de v4.02.2833 no valida correctamente las claves de acceso, lo que permite a atacantes remotos evitar las restricciones de los recursos a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-4311",
"lastModified": "2024-11-21T01:32:12.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-19T03:58:55.680",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/11/13/2"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/11/14/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.resourcespace.org/download.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/11/13/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/11/14/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.resourcespace.org/download.php"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-09-11 16:59
Modified
2024-11-21 02:35
Severity ?
Summary
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| montala | resourcespace | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96DFDFCD-C418-41DD-A72A-F2BE9251F13A",
"versionEndIncluding": "7.3.7009",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the \"user\" cookie to plugins/feedback/pages/feedback.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Montala Limited ResourceSpace 7.3.7009 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de la cookie \u0027user\u0027 a plugins/feedback/pages/feedback.php."
}
],
"id": "CVE-2015-6915",
"lastModified": "2024-11-21T02:35:52.247",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-09-11T16:59:21.613",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133297/ResourceSpace-CMS-7.3.7009-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/133297/ResourceSpace-CMS-7.3.7009-SQL-Injection.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-17 20:15
Modified
2024-11-21 07:04
Severity ?
Summary
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md | Exploit, Patch, Third Party Advisory | |
| cve@mitre.org | https://www.resourcespace.com | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.resourcespace.com | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| montala | resourcespace | * | |
| montala | resourcespace | 9.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "840DAB4E-4B5F-4464-A6B9-5305A5E97118",
"versionEndExcluding": "9.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:9.8:-:*:*:*:*:*:*",
"matchCriteriaId": "8FFEC53C-2531-4028-87A3-B52789CBE54E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value."
},
{
"lang": "es",
"value": "En Montala ResourceSpace versiones hasta 9.8 anteriores a r19636, el archivo csv_export_results_metadata.php permite a atacantes exportar los metadatos de la colecci\u00f3n por medio de un valor k no NULL"
}
],
"id": "CVE-2022-31260",
"lastModified": "2024-11-21T07:04:14.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-17T20:15:08.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.resourcespace.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/grymer/CVE/blob/master/CVE-2022-31260.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.resourcespace.com"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-06-09 14:59
Modified
2024-11-21 02:29
Severity ?
Summary
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| montala | resourcespace | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2240B96-4DC8-4EDA-AADD-26B88EA16B25",
"versionEndIncluding": "7.1.6513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en pages/setup.php en Montala Limited ResourceSpace anterior a 7.2.6727 permite a atacantes remotos incluir y ejecutar ficheros locales arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro defaultlanguage."
}
],
"id": "CVE-2015-3648",
"lastModified": "2024-11-21T02:29:33.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-06-09T14:59:04.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html"
},
{
"source": "cve@mitre.org",
"url": "http://svn.montala.com/websvn/revision.php?repname=ResourceSpace\u0026path=%2F\u0026rev=6640\u0026peg=6738"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/535669/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75019"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.montala.com/websvn/revision.php?repname=ResourceSpace\u0026path=%2F\u0026rev=6640\u0026peg=6738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/535669/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23258"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-15 16:15
Modified
2024-11-21 06:26
Severity ?
Summary
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| montala | resourcespace | * | |
| montala | resourcespace | 9.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC0920B0-4D4E-4E8A-8E76-6AB1794225EF",
"versionEndExcluding": "9.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:9.6:-:*:*:*:*:*:*",
"matchCriteriaId": "44D1F246-104A-42EA-A001-AC9816418510",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim\u0027s browser."
},
{
"lang": "es",
"value": "ResourceSpace versiones anteriores a 9.6 rev 18290, est\u00e1 afectado por una vulnerabilidad de tipo Cross-Site Scripting reflejada en el archivo plugins/wordpress_sso/pages/index.php por medio del par\u00e1metro wordpress_user. Si un atacante es capaz de persuadir a una v\u00edctima para que visite una URL dise\u00f1ada, es posible ejecutar contenido JavaScript malicioso dentro del contexto del navegador de la v\u00edctima"
}
],
"id": "CVE-2021-41951",
"lastModified": "2024-11-21T06:26:59.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-15T16:15:10.323",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-15 16:15
Modified
2024-11-21 06:26
Severity ?
Summary
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php | Broken Link, Vendor Advisory | |
| cve@mitre.org | https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| montala | resourcespace | 9.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:montala:resourcespace:9.6:-:*:*:*:*:*:*",
"matchCriteriaId": "44D1F246-104A-42EA-A001-AC9816418510",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users."
},
{
"lang": "es",
"value": "Un problema de salto de directorio en ResourceSpace versiones 9.6 anteriores a 9.6 rev 18277, permite a atacantes remotos no autenticados eliminar archivos arbitrarios en el servidor ResourceSpace por medio de los par\u00e1metros provider y variant en el archivo pages/ajax/tiles.php. los atacantes pueden eliminar archivos de configuraci\u00f3n o de c\u00f3digo fuente, causando que la aplicaci\u00f3n no est\u00e9 disponible para todos los usuarios"
}
],
"id": "CVE-2021-41950",
"lastModified": "2024-11-21T06:26:59.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-15T16:15:10.277",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/ajax/tiles.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-15 16:15
Modified
2024-11-21 06:26
Severity ?
Summary
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php | Broken Link, Vendor Advisory | |
| cve@mitre.org | https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php | Broken Link, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| montala | resourcespace | 9.5 | |
| montala | resourcespace | 9.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:montala:resourcespace:9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3791CAB1-19F0-4F46-A016-7328488918D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:montala:resourcespace:9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CA365B3E-BFF7-4C2D-AA78-86D2EC0501B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 \u003c rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server."
},
{
"lang": "es",
"value": "Un problema de inyecci\u00f3n SQL en el archivo pages/edit_fields/9_ajax/add_keyword.php de ResourceSpace versiones 9.5 y 9.6 anteriores a rev 18274, permite a atacantes remotos no autenticados ejecutar comandos SQL arbitrarios por medio del par\u00e1metro k. Esto permite a atacantes descubrir el contenido completo de la base de datos de ResourceSpace, incluyendo las cookies de la sesi\u00f3n del usuario. Un atacante que obtenga una cookie de sesi\u00f3n de un usuario administrador puede usar la cookie de sesi\u00f3n para ejecutar c\u00f3digo arbitrario en el servidor"
}
],
"id": "CVE-2021-41765",
"lastModified": "2024-11-21T06:26:43.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-15T16:15:10.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Vendor Advisory"
],
"url": "http://svn.resourcespace.com/svn/rs/releases/9.6/pages/edit_fields/9_ajax/add_keyword.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.horizon3.ai/multiple-vulnerabilities-in-resourcespace/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}