CVE-2017-17713 - Vulnerability Details - OpenCVE

Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Boxug	Trape

Configuration 1 [-]

cpe:2.3:a:boxug:trape:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3
https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/
https://www.youtube.com/watch?v=RWw1UTeZee8
https://www.youtube.com/watch?v=Txp6IwR24jY
https://www.youtube.com/watch?v=efmvL235S-8

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-16T20:00:00

Updated: 2024-08-05T20:59:17.676Z

Reserved: 2017-12-16T00:00:00

Link: CVE-2017-17713

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-12-16T20:29:00.200

Modified: 2024-11-21T03:18:30.397

Link: CVE-2017-17713

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-16T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=Txp6IwR24jY"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=RWw1UTeZee8"}, {"tags": ["x_refsource_MISC"], "url": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=efmvL235S-8"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.youtube.com/watch?v=Txp6IwR24jY", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=Txp6IwR24jY"}, {"name": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3", "refsource": "MISC", "url": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3"}, {"name": "https://www.youtube.com/watch?v=RWw1UTeZee8", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=RWw1UTeZee8"}, {"name": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/", "refsource": "MISC", "url": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/"}, {"name": "https://www.youtube.com/watch?v=efmvL235S-8", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=efmvL235S-8"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T20:59:17.676Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=Txp6IwR24jY"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=RWw1UTeZee8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=efmvL235S-8"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17713", "datePublished": "2017-12-16T20:00:00", "dateReserved": "2017-12-16T00:00:00", "dateUpdated": "2024-08-05T20:59:17.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:boxug:trape:*:*:*:*:*:*:*:*", "matchCriteriaId": "19D0D8F3-049F-4BF7-92C2-6D0FAE44C2DB", "versionEndExcluding": "2017-11-05", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter."}, {"lang": "es", "value": "Trape en versiones anteriores a 2017-11-05 tiene una vulnerabilidad de inyecci\u00f3n SQL mediante el par\u00e1metro red en /nr , el par\u00e1metro vld en /nr, la cabecera HTTP User-Agent en /register, el par\u00e1metro country en /register , el par\u00e1metro countryCode en /register , el par\u00e1metro cpu en /register, el par\u00e1metro isp en /register , el par\u00e1metro lat en /register, el par\u00e1metro lon en /register , el par\u00e1metro org en /register, el par\u00e1metro query en /register, el par\u00e1metro region en /register, el par\u00e1metro regionName en /register, el par\u00e1metro timezone en /register, el par\u00e1metro vId en /register, el par\u00e1metro zip en /register o el par\u00e1metro id en /tping."}], "id": "CVE-2017-17713", "lastModified": "2024-11-21T03:18:30.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-16T20:29:00.200", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=RWw1UTeZee8"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=Txp6IwR24jY"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=efmvL235S-8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=RWw1UTeZee8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=Txp6IwR24jY"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=efmvL235S-8"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}