CVE-2020-25130

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://gist.github.com/mariuszpoplawski/243d1e7c07adc736bae8069fe831745c	Exploit Third Party Advisory
https://gist.github.com/mariuszpoplawski/243d1e7c07adc736bae8069fe831745c	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:observium:observium:20.8.10631::::community:::
	cpe:2.3:a:observium:observium:20.8.10631::::enterprise:::
	cpe:2.3:a:observium:observium:20.8.10631::::professional:::

History

21 Nov 2024, 05:17

Type	Values Removed	Values Added
References	~~() https://gist.github.com/mariuszpoplawski/243d1e7c07adc736bae8069fe831745c - Exploit, Third Party Advisory~~	() https://gist.github.com/mariuszpoplawski/243d1e7c07adc736bae8069fe831745c - Exploit, Third Party Advisory

Information

Published : 2020-09-25 14:15

Updated : 2024-11-21 05:17

NVD link : CVE-2020-25130

Mitre link : CVE-2020-25130

CVE.ORG link : CVE-2020-25130

JSON object : View

Products Affected

observium

observium

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2020-25130", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-09-25T14:15:13.860", "references": [{"url": "https://gist.github.com/mariuszpoplawski/243d1e7c07adc736bae8069fe831745c", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/mariuszpoplawski/243d1e7c07adc736bae8069fe831745c", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Observium Professional, Enterprise & Community versi\u00f3n 20.8.10631. Es vulnerable a una inyecci\u00f3n SQL debido al hecho de que es posible inyectar sentencias SQL maliciosas en tipos de par\u00e1metros malformados. Al enviar la Matriz tipo variable inapropiada permite omitir el saneamiento de la Inyecci\u00f3n SQL principal. Los usuarios autenticados son capaces de inyectar consultas SQL maliciosas. Esta vulnerabilidad conlleva a un filtrado completo de la base de datos, incluyendo ckeys que pueden ser usadas en el proceso de autenticaci\u00f3n sin conocer el nombre de usuario y la contrase\u00f1a en texto sin cifrar. Esto puede ocurrir mediante el campo group_id del archivo ajax/actions.php"}], "lastModified": "2024-11-21T05:17:24.850", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:observium:observium:20.8.10631:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "A10D901F-6123-433A-8EB3-951C0345A24B"}, {"criteria": "cpe:2.3:a:observium:observium:20.8.10631:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "C7176124-B91A-4013-8242-44374DB62624"}, {"criteria": "cpe:2.3:a:observium:observium:20.8.10631:*:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "93B444CB-8890-466D-B9C4-2BEC146C79CB"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}