Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities by ekakin
CVE-2023-43825 (GCVE-0-2023-43825)
Vulnerability from cvelistv5 – Published: 2023-09-27 07:14 – Updated: 2024-09-24 14:09
VLAI
Summary
Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute an arbitrary code by having a legitimate user import a specially crafted backup file of the product..
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Relative path traversal
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EKAKIN | Shihonkanri Plus |
Affected:
Ver9.0.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://ekakin.la.coocan.jp/index.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN17434995/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:09:41.406986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:09:53.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver9.0.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute an arbitrary code by having a legitimate user import a specially crafted backup file of the product.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Relative path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T07:14:02.216Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "http://ekakin.la.coocan.jp/index.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN17434995/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-43825",
"datePublished": "2023-09-27T07:14:02.216Z",
"dateReserved": "2023-09-24T23:31:33.617Z",
"dateUpdated": "2024-09-24T14:09:53.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5556 (GCVE-0-2020-5556)
Vulnerability from cvelistv5 – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI
Summary
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN63834780/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:29.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN63834780/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5556",
"datePublished": "2020-03-25T01:25:29.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5554 (GCVE-0-2020-5554)
Vulnerability from cvelistv5 – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI
Summary
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN32415420/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN32415420/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5554",
"datePublished": "2020-03-25T01:25:28.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5555 (GCVE-0-2020-5555)
Vulnerability from cvelistv5 – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI
Summary
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue.
Severity
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN32415420/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN32415420/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5555",
"datePublished": "2020-03-25T01:25:28.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43825 (GCVE-0-2023-43825)
Vulnerability from nvd – Published: 2023-09-27 07:14 – Updated: 2024-09-24 14:09
VLAI
Summary
Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute an arbitrary code by having a legitimate user import a specially crafted backup file of the product..
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Relative path traversal
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EKAKIN | Shihonkanri Plus |
Affected:
Ver9.0.3 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://ekakin.la.coocan.jp/index.htm"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN17434995/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43825",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-24T14:09:41.406986Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-24T14:09:53.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver9.0.3 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute an arbitrary code by having a legitimate user import a specially crafted backup file of the product.."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Relative path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-27T07:14:02.216Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "http://ekakin.la.coocan.jp/index.htm"
},
{
"url": "https://jvn.jp/en/jp/JVN17434995/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-43825",
"datePublished": "2023-09-27T07:14:02.216Z",
"dateReserved": "2023-09-24T23:31:33.617Z",
"dateUpdated": "2024-09-24T14:09:53.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5556 (GCVE-0-2020-5556)
Vulnerability from nvd – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI
Summary
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN63834780/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:29.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN63834780/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN63834780/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5556",
"datePublished": "2020-03-25T01:25:29.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5554 (GCVE-0-2020-5554)
Vulnerability from nvd – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI
Summary
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN32415420/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN32415420/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5554",
"datePublished": "2020-03-25T01:25:28.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5555 (GCVE-0-2020-5555)
Vulnerability from nvd – Published: 2020-03-25 01:25 – Updated: 2024-08-04 08:30
VLAI
Summary
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue.
Severity
No CVSS data available.
CWE
- Improper Input Validation
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN32415420/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| EKAKIN | Shihonkanri Plus GOOUT |
Affected:
Ver1.5.8 and Ver2.2.10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:24.617Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Shihonkanri Plus GOOUT",
"vendor": "EKAKIN",
"versions": [
{
"status": "affected",
"version": "Ver1.5.8 and Ver2.2.10"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-25T01:25:28.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Shihonkanri Plus GOOUT",
"version": {
"version_data": [
{
"version_value": "Ver1.5.8 and Ver2.2.10"
}
]
}
}
]
},
"vendor_name": "EKAKIN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jvn.jp/en/jp/JVN32415420/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN32415420/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5555",
"datePublished": "2020-03-25T01:25:28.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:30:24.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2023-000095
Vulnerability from jvndb - Published: 2023-09-27 13:49 - Updated:2024-05-21 17:16
Severity
Summary
Shihonkanri Plus vulnerable to relative path traversal
Details
Shihonkanri Plus provided by EKAKIN contains a relative path traversal vulnerability (CWE-23).
Shimizu Yutaro of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000095.html",
"dc:date": "2024-05-21T17:16+09:00",
"dcterms:issued": "2023-09-27T13:49+09:00",
"dcterms:modified": "2024-05-21T17:16+09:00",
"description": "Shihonkanri Plus provided by EKAKIN contains a relative path traversal vulnerability (CWE-23).\r\n\r\nShimizu Yutaro of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000095.html",
"sec:cpe": {
"#text": "cpe:/a:ekakin:shihonkanri_plus",
"@product": "Shihonkanri Plus",
"@vendor": "EKAKIN",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000095",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17434995/index.html",
"@id": "JVN#17434995",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-43825",
"@id": "CVE-2023-43825",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-43825",
"@id": "CVE-2023-43825",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Shihonkanri Plus vulnerable to relative path traversal"
}
JVNDB-2020-000902
Vulnerability from jvndb - Published: 2020-03-24 17:53 - Updated:2020-03-24 17:53
Severity
Summary
Multiple vulnerabilities in Shihonkanri Plus GOOUT
Details
Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside.
Shihonkanri Plus GOOUT contains multiple vulnerabilities (which allow reading/writing an arbitrary file) listed below because of the improper validation of input parameter.
* Directory traversal (CWE-22) - CVE-2020-5554
* A vulnerability allowing manipulation of arbitrary files (CWE-20) - CVE-2020-5555
During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this vulnerability shall be disclosed since all the criteria and conditions described below which are stated in Standards for Handling Vulnerability related Information of Software Products and Other and Information Security Early Warning Partnership Guideline have been satisfied.
1. The developer of the product is unreachable:
2. Existence of vulnerability has been verified:
3. Not disclosing this case may result in the risk that product users will have no means to know of the existence of the vulnerability in the product:
4. There are no particular reasons that would make disclosure inappropriate:
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000902.html",
"dc:date": "2020-03-24T17:53+09:00",
"dcterms:issued": "2020-03-24T17:53+09:00",
"dcterms:modified": "2020-03-24T17:53+09:00",
"description": "Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside.\r\nShihonkanri Plus GOOUT contains multiple vulnerabilities (which allow reading/writing an arbitrary file) listed below because of the improper validation of input parameter.\r\n\r\n* Directory traversal (CWE-22) - CVE-2020-5554\r\n* A vulnerability allowing manipulation of arbitrary files (CWE-20) - CVE-2020-5555\r\n\r\nDuring the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this vulnerability shall be disclosed since all the criteria and conditions described below which are stated in Standards for Handling Vulnerability related Information of Software Products and Other and Information Security Early Warning Partnership Guideline have been satisfied.\r\n\r\n 1. The developer of the product is unreachable:\r\n 2. Existence of vulnerability has been verified:\r\n 3. Not disclosing this case may result in the risk that product users will have no means to know of the existence of the vulnerability in the product:\r\n 4. There are no particular reasons that would make disclosure inappropriate:",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000902.html",
"sec:cpe": {
"#text": "cpe:/a:ekakin:shihonkanri_plus_goout",
"@product": "shihonkanri Plus GOOUT",
"@vendor": "EKAKIN",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000902",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN32415420/index.html",
"@id": "JVN#32415420",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5554",
"@id": "CVE-2020-5554",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5555",
"@id": "CVE-2020-5555",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5554",
"@id": "CVE-2020-5554",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5555",
"@id": "CVE-2020-5555",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-22",
"@title": "Path Traversal(CWE-22)"
}
],
"title": "Multiple vulnerabilities in Shihonkanri Plus GOOUT"
}
JVNDB-2020-000903
Vulnerability from jvndb - Published: 2020-03-24 17:47 - Updated:2020-03-24 17:47
Severity
Summary
Shihonkanri Plus GOOUT vulnerable to OS command injection
Details
Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside.
Shihonkanri Plus GOOUT contains an OS command injection (CWE-78) vulnerability.
During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this vulnerability shall be disclosed since all the criteria and conditions described below which are stated in Standards for Handling Vulnerability related Information of Software Products and Other and Information Security Early Warning Partnership Guideline have been satisfied.
1. The developer of the product is unreachable
2. Existence of vulnerability has been verified
3. Not disclosing this case may result in the risk that product users will have no means to know of the existence of the vulnerability in the product
4. There are no particular reasons that would make disclosure inappropriate
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000903.html",
"dc:date": "2020-03-24T17:47+09:00",
"dcterms:issued": "2020-03-24T17:47+09:00",
"dcterms:modified": "2020-03-24T17:47+09:00",
"description": "Shihonkanri Plus GOOUT provided by EKAKIN is a CGI that enables to view data stored in Shihonkanri Plus outside.\r\nShihonkanri Plus GOOUT contains an OS command injection (CWE-78) vulnerability.\r\n\r\nDuring the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this vulnerability shall be disclosed since all the criteria and conditions described below which are stated in Standards for Handling Vulnerability related Information of Software Products and Other and Information Security Early Warning Partnership Guideline have been satisfied.\r\n\r\n1. The developer of the product is unreachable\r\n2. Existence of vulnerability has been verified\r\n3. Not disclosing this case may result in the risk that product users will have no means to know of the existence of the vulnerability in the product\r\n4. There are no particular reasons that would make disclosure inappropriate",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000903.html",
"sec:cpe": {
"#text": "cpe:/a:ekakin:shihonkanri_plus_goout",
"@product": "shihonkanri Plus GOOUT",
"@vendor": "EKAKIN",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.3",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2020-000903",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN63834780/index.html",
"@id": "JVN#63834780",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5556",
"@id": "CVE-2020-5556",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5556",
"@id": "CVE-2020-5556",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Shihonkanri Plus GOOUT vulnerable to OS command injection"
}
JVNDB-2007-000260
Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00Summary
Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability
Details
Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000260.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Shihonkanri Plus Ver2 GOOUT is open source software which enables a user to view data from Shihonkanri Plus via network. Shihonkanri Plus Ver2 GOOUT contains a directory traversal vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000260.html",
"sec:cpe": {
"#text": "cpe:/a:ekakin:shihonkanri_plus_goout",
"@product": "shihonkanri Plus GOOUT",
"@vendor": "EKAKIN",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000260",
"sec:references": {
"#text": "http://jvn.jp/en/jp/JVN62334841/index.html",
"@id": "JVN#62334841",
"@source": "JVN"
},
"title": "Shihonkanri Plus Ver2 GOOUT directory traversal vulnerability"
}