MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors.
References
| Link | Resource |
|---|---|
| https://github.com/mari0x00/MaianAffiliate-Code-execution-and-XSS | Exploit Third Party Advisory |
| https://www.maianscriptworld.co.uk/ | Vendor Advisory |
Configurations
History
27 Jun 2022, 17:19
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:maianmedia:maianaffiliate:1.0:*:*:*:*:*:*:* |
04 Oct 2021, 13:44
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
| CWE | CWE-94 |
28 Sep 2021, 18:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| CPE | cpe:2.3:a:maianscriptworld:maianaffiliate:1.0:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 4.8 |
| References | (MISC) https://www.maianscriptworld.co.uk/ - Vendor Advisory | |
| References | (MISC) https://github.com/mari0x00/MaianAffiliate-Code-execution-and-XSS - Exploit, Third Party Advisory |
20 Sep 2021, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-09-20 15:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-39402
Mitre link : CVE-2021-39402
CVE.ORG link : CVE-2021-39402
JSON object : View
Products Affected
maianmedia
- maianaffiliate
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')