Tag
#php
The ABB BMS/BAS controller suffers from an unauthenticated reflected cross-site scripting vulnerability. Input passed to the GET parameter 'redirect' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.
The ABB BMS/BAS controller suffers from an unauthenticated information disclosure and manipulation vulnerability in the OOS (Out of Service) Manager. An unauthorized attacker can enumerate devices marked as in or out of service, accessing detailed information such as device names, network IDs, and transaction counts. Furthermore, the attacker can exploit this vulnerability to modify the OOS status of devices, allowing unauthorized additions or updates via the exposed functionality of the /oosManagerAjax.php endpoint.
The ABB BMS/BAS controller suffers from an unauthenticated information disclosure vulnerability. An unauthorized attacker can access the affected page and retrieve sensitive system details, including active threads, mapping of reference paths, port pool configurations, internal IP addresses, serial port queue information, and performance metrics such as transaction times.
The ABB BMS/BAS controller is vulnerable to code execution and sudo misconfiguration flaws. An authenticated remote code execution vulnerability in the firmware update mechanism allows an attacker with valid credentials to escalate privileges and execute commands as root. The process involves uploading a crafted .aam file through fileSystemUpdate.php, which is then moved to /tmp and executed by fileSystemUpdateExecute.php. This script leverages sudo to run the upgrade-bundle.sh script, enabling the attacker to bypass input validation checks and execute arbitrary code, leading to full system compromise and unauthorized root access.
The ABB BMS/BAS controller allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
The ABB BMS/BAS controller suffers from an authenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by servicesUpdate.php script.
The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'file' HTTP GET parameter called by the fileSystemUpdateExecute.php script.
The ABB BMS/BAS controller suffers from an unauthenticated blind OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'instance' HTTP POST parameter called by servicesUpdate.php script.
### Summary Exposure of database (ie postgreSQL) server's credential when connection to DB fails. ### Details Exposed database credentials upon misconfig/DoS @ permalink: https://github.com/thorsten/phpMyFAQ/blob/main/phpmyfaq/src/phpMyFAQ/Setup/Installer.php#L694 ### PoC When postgreSQL server is unreachable, an error would be thrown exposing the credentials of the database. For instance, when "http://<phpmyfaq-instance>:8080/setup/index.php" is hit when the database instance/server is down, then credentials are exposed, for instance: ``` ( ! ) Warning: pg_connect(): Unable to connect to PostgreSQL server: connection to server at "127.0.0.1", port 5432 failed: Connection refused Is the server running on that host and accepting TCP/IP connections? in /var/www/html/src/phpMyFAQ/Database/Pgsql.php on line 78 Call Stack # Time Memory Function Location 1 0.0404 453880 {main}( ) .../index.php:0 2 1.1341 610016 phpMyFAQ\Setup\Installer->startInstall( $setup = ??? ) .../index.php...
Discover the future of eCommerce with bespoke app development. Learn how tailored solutions enhance user experience, security, and performance while empowering businesses to meet unique needs and gain a competitive edge.