CVE-2024-1200 - OpenCVE

A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jspxcms	Jspxcms

Configuration 1 [-]

cpe:2.3:a:jspxcms:jspxcms:10.2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf
https://vuldb.com/?ctiid.252698
https://vuldb.com/?id.252698

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-02-03T02:00:06.276Z

Updated: 2024-08-26T18:34:36.686Z

Reserved: 2024-02-02T08:25:45.420Z

Link: CVE-2024-1200

Vulnrichment

Updated: 2024-08-01T18:33:25.109Z

NVD

Status : Modified

Published: 2024-02-03T02:15:52.943

Modified: 2024-05-17T02:35:18.673

Link: CVE-2024-1200

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1200", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-02-02T08:25:45.420Z", "datePublished": "2024-02-03T02:00:06.276Z", "dateUpdated": "2024-08-26T18:34:36.686Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-03T02:00:06.276Z"}, "title": "Jspxcms information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Information Disclosure"}]}], "affected": [{"vendor": "n/a", "product": "Jspxcms", "versions": [{"version": "10.2.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Jspxcms 10.2.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /template/1/default/. Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-02-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-02-02T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-02-02T09:30:54.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "hexixi (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.252698", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.252698", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.109Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.252698", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.252698", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf", "tags": ["exploit", "x_transferred"]}]}, {"affected": [{"vendor": "jspxcms", "product": "jspxcms", "cpes": ["cpe:2.3:a:jspxcms:jspxcms:10.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "10.2.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-02-06T16:13:00.874928Z", "id": "CVE-2024-1200", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T18:34:36.686Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.252698", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.252698", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:33:25.109Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1200", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-06T16:13:00.874928Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:jspxcms:jspxcms:10.2.0:*:*:*:*:*:*:*"], "vendor": "jspxcms", "product": "jspxcms", "versions": [{"status": "affected", "version": "10.2.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T18:34:24.154Z"}}], "cna": {"title": "Jspxcms information disclosure", "credits": [{"lang": "en", "type": "reporter", "value": "hexixi (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "affected": [{"vendor": "n/a", "product": "Jspxcms", "versions": [{"status": "affected", "version": "10.2.0"}]}], "timeline": [{"lang": "en", "time": "2024-02-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-02-02T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-02-02T09:30:54.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.252698", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.252698", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability."}, {"lang": "de", "value": "Eine Schwachstelle wurde in Jspxcms 10.2.0 gefunden. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /template/1/default/. Mittels Manipulieren mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Information Disclosure"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-02-03T02:00:06.276Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1200", "state": "PUBLISHED", "dateUpdated": "2024-08-26T18:34:36.686Z", "dateReserved": "2024-02-02T08:25:45.420Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-02-03T02:00:06.276Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jspxcms:jspxcms:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2CC8654-4A79-4A1D-8AFA-C8309ED94FCD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Jspxcms 10.2.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /template/1/default/ es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-252698 es el identificador asignado a esta vulnerabilidad."}], "id": "CVE-2024-1200", "lastModified": "2024-05-17T02:35:18.673", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-02-03T02:15:52.943", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?ctiid.252698"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.252698"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "cna@vuldb.com", "type": "Secondary"}]}