Japan Vulnerability NotesJVN:34232719JVN#34232719: Multiple vulnerabilities in KonaWiki2
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
78.7%
KonaWiki2 provided by kujirahand contains multiple vulnerabilites listed below.
SQL Injection (CWE-89) - CVE-2021-20720
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Base Score: 7.3 |
| CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5 |
Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20721
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | Base Score: 7.3 |
| CVSS v2 | AV:N/AC:L/Au:N/C:P/I:P/A:P | Base Score: 7.5 |
Impact
- A remote attacker may obtain and/or alter the information stored in the database - CVE-2021-20720
- A remote attacker may upload arbitrary files. If the file contains PHP scripts, arbitrary code may be executed - CVE-2021-20721
Solution
Update the software
Update to the latest version according to the information provided by the developer.
Products Affected
KonaWiki2 versions prior to 2.2.4
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
78.7%