| Ãë¾àÁ¡ID |
210120 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®´Â ´ÙÁßÀÇ Ãë¾àÁ¡µéÀ» °¡Áø MySQL EventumÀÌ °¡µ¿ ÁßÀÎ °ÍÀ¸·Î ³ªÅ¸³´Ù.
EventumÀº MySQL µ¥ÀÌÅͺ£À̽º¸¦ »ç¿ëÇÏ´Â PHP·Î Á¦ÀÛµÈ ´Ù±â´ÉÀÇ ¹®Á¦ ÃßÀû ½Ã½ºÅÛÀÌ´Ù. Eventum 2.3.1 ÀÌÇÏÀÇ ¹öÀüµéÀº XSS Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.
'forgot_password.php' ½ºÅ©¸³Æ®¿¡¼ »ç¿ëÀÚ ÀÔ·Â °ªÀ» Á¦´ë·Î üũÇÏÁö ¾Ê°í ÀÀ´äÀ» º¸³½´Ù.
* Âü°í »çÀÌÆ®:
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-4989.php
https://bugs.launchpad.net/eventum/+bug/706385
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
MySQL AB Eventum 2.3.1 ÀÌÀü ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
´ÙÀ½ »çÀÌÆ®¸¦ ÂüÁ¶ÇÏ¿© ÃֽŹöÀüÀÇ EventumÀÇ »õ ¹öÀü(2.3.1 ȤÀº ÀÌÈÄ)À» ±¸ÇÏ¿© ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
https://launchpad.net/eventum/ |
| °ü·Ã URL |
(CVE) |
| °ü·Ã URL |
46380 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
