Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-12147

EPSS 2.54% · P86
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-12147

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Sangoma Session Border Controller (SBC) 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to the system (either via the web interface or via SSH) to achieve complete compromise of the device. This affects /var/webconfig/gui/Webconfig.inc.php and /usr/local/sng/bin/sng-user-mgmt.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Sangoma Technologies SBC 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sangoma Technologies SBC是加拿大Sangoma Technologies公司的一款边界会话控制器(SBC)。 Sangoma Technologies SBC 2.3.23-119-GA版本中存在安全漏洞。攻击者可借助该应用程序的登录界面利用该漏洞在系统上创建权限账户。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2019-12147

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2019-12147

登录查看更多情报信息。

Same Patch Batch · n/a · 2019-10-22 · 22 CVEs total

CVE-2015-9495WordPress syndication-links插件跨站脚本漏洞
CVE-2019-17424nipper-ng 缓冲区错误漏洞
CVE-2019-17189Totemo totemodata 跨站脚本漏洞
CVE-2019-11674Micro Focus Self Service Password Reset 信任管理问题漏洞
CVE-2019-12967Stephan Mooltipass Moolticute 安全漏洞
CVE-2019-12290GNU libidn2 输入验证错误漏洞
CVE-2019-12148Sangoma Technologies SBC 授权问题漏洞
CVE-2019-10079Apache Traffic Server 输入验证错误漏洞
CVE-2017-8087AVM Fritz!Box 7490 信息泄露漏洞
CVE-2015-9493WordPress my-wish-list插件跨站脚本漏洞
CVE-2015-9494WordPress indieweb-post-kinds插件跨站脚本漏洞
CVE-2019-16973FusionPBX 跨站脚本漏洞
CVE-2019-15587Loofah gem for Ruby 跨站脚本漏洞
CVE-2015-9496WordPress freshmail-newsletter插件SQL注入漏洞
CVE-2015-9497WordPress ad-inserter插件跨站请求伪造漏洞
CVE-2015-9498WordPress wps-hide-login插件跨站请求伪造漏洞
CVE-2015-9499WordPress Showbiz Pro插件代码问题漏洞
CVE-2015-9500WordPress Exquisite Ultimate Newspaper theme 跨站脚本漏洞
CVE-2015-9501WordPress Artificial Intelligence theme 跨站脚本漏洞
CVE-2019-16971FusionPBX 跨站脚本漏洞

Showing top 20 of 22 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2019-12147

No comments yet

Leave a comment