A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8ef | Broken Link |
https://vuldb.com/?ctiid.274905 | Permissions Required |
https://vuldb.com/?id.274905 | Third Party Advisory |
https://vuldb.com/?submit.387406 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 09:52
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 6.3 |
Summary | (en) A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
27 Sep 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:tosei:online_store_management_system:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:tosei:online_store_management_system:4.0.4:*:*:*:*:*:*:* |
cpe:2.3:a:tosei-corporation:online_store_management_system:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:tosei-corporation:online_store_management_system:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:tosei-corporation:online_store_management_system:4.0.2:*:*:*:*:*:*:* |
First Time |
Tosei-corporation
Tosei-corporation online Store Management System |
27 Sep 2024, 00:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/b0rgch3n/bb47a1ed6f66c1e8c7a80f210f4ac8ef - Broken Link | |
References | () https://vuldb.com/?ctiid.274905 - Permissions Required | |
References | () https://vuldb.com/?id.274905 - Third Party Advisory | |
References | () https://vuldb.com/?submit.387406 - Third Party Advisory | |
First Time |
Tosei online Store Management System
Tosei |
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
CPE | cpe:2.3:a:tosei:online_store_management_system:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:tosei:online_store_management_system:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:tosei:online_store_management_system:4.0.4:*:*:*:*:*:*:* |
|
Summary | (en) A vulnerability classified as critical has been found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
19 Aug 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A vulnerability classified as critical has been found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
19 Aug 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
Summary | (en) A vulnerability classified as critical has been found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This affects an unknown part of the file /cgi-bin/tosei_kikai.php. The manipulation of the argument kikaibangou leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
17 Aug 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-17 15:15
Updated : 2024-11-21 09:52
NVD link : CVE-2024-7897
Mitre link : CVE-2024-7897
CVE.ORG link : CVE-2024-7897
JSON object : View
Products Affected
tosei-corporation
- online_store_management_system
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')