Platform: php
Component: mellivora
Fixed in: 2.0.1, 2.1.1
CVE-2019-25092 describes a cross-site scripting (XSS) vulnerability discovered in Mellivora, a PHP-based application. This vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to session hijacking or defacement. It affects versions 2.0 through 2.1 and is resolved by upgrading to version 2.2.0.
The vulnerability lies within the printuserip_log function of the user.inc.php file within the Admin Panel component. An attacker can manipulate the $entry['ip'] argument to inject arbitrary JavaScript code. Successful exploitation allows the attacker to execute malicious scripts within the context of the user's browser, potentially stealing session cookies, redirecting users to malicious websites, or modifying the application's content. The impact is amplified if the application is used in a sensitive environment or handles confidential data, as an attacker could gain unauthorized access and compromise user accounts.
This vulnerability was publicly disclosed in December 2022. While a public proof-of-concept is not widely available, the XSS nature of the vulnerability makes it relatively easy to exploit. No confirmed active exploitation campaigns have been reported as of the publication date. The vulnerability is tracked in the Vulners Database as VDB-216955.
Organizations using Mellivora versions 2.0 and 2.1, particularly those with publicly accessible Admin Panels, are at risk. Shared hosting environments where multiple users share the same Mellivora installation are also at increased risk, as a compromised user account could be used to launch attacks against other users.
• php: Examine the user.inc.php file for the vulnerable printuserip_log function. Search for instances where the $entry['ip'] variable is output directly without proper sanitization.

```php
<?php
// Example of vulnerable code: the IP value is echoed into HTML unescaped
echo "User IP: " . $entry['ip'];
```

• generic web: Monitor access logs for suspicious requests targeting the Admin Panel, particularly those containing unusual characters or JavaScript code in the user IP field. Use a WAF to block requests containing potentially malicious JavaScript payloads.
• generic web: Check responses for signs of XSS, such as the presence of injected JavaScript code in the HTML content.
EPSS: 0.31% (54th percentile)
The primary mitigation for CVE-2019-25092 is to upgrade Mellivora to version 2.2.0, which includes a patch (commit e0b6965f8dde608a3d2621617c05695eb406cbb9) addressing the vulnerability. If upgrading is not immediately feasible, consider implementing input validation and sanitization on the $entry['ip'] parameter to prevent malicious code injection. Web application firewalls (WAFs) can also be configured to detect and block XSS attempts targeting this specific function. After upgrading, confirm the fix by attempting to inject a simple JavaScript payload into the user IP log field and verifying that it is properly sanitized.
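As an added example (not code from the Mellivora project), the following is a hardened form of the vulnerable echo shown above, applying the input validation and output escaping that the mitigation describes; the function name render_ip_log_row and the shape of the $entry array are assumptions.

```php
<?php
// Added example, not Mellivora's own code. render_ip_log_row and the
// $entry array shape are assumed for illustration.

/**
 * Return the IP column for one log row as safe HTML.
 *
 * Defence in depth: (1) validate that the value really is an IP address,
 * so anything else is replaced by a fixed marker instead of being rendered;
 * (2) HTML-escape whatever is output, so even a value that slipped past
 * validation cannot break out of the text context.
 */
function render_ip_log_row(array $entry): string
{
    $raw = (string) ($entry['ip'] ?? '');

    // Accept only well-formed IPv4/IPv6 literals.
    $ip = filter_var($raw, FILTER_VALIDATE_IP);
    if ($ip === false) {
        $ip = '[invalid ip]';
    }

    // Escape for an HTML text context (quotes included, UTF-8).
    return 'User IP: ' . htmlspecialchars($ip, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample rows: one legitimate, one carrying markup in the IP field.
$rows = [
    ['ip' => '203.0.113.7'],
    ['ip' => '<b>not an ip</b>'],
];

foreach ($rows as $entry) {
    echo render_ip_log_row($entry), "\n";
}
```

The validation step makes the second row render as the fixed marker, while the escaping step protects any path that still prints a raw string.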
Update Mellivora to version 2.2.0 or later. This version contains a fix for the Cross-Site Scripting (XSS) vulnerability in the administration panel. The update mitigates the risk of XSS attacks through the $entry['ip'] parameter in the include/layout/user.inc.php file.
CVE-2019-25092 is a cross-site scripting (XSS) vulnerability affecting Mellivora versions 2.0 and 2.1, allowing attackers to inject malicious scripts.
You are affected if you are using Mellivora versions 2.0 or 2.1. Upgrade to version 2.2.0 to mitigate the risk.
Upgrade Mellivora to version 2.2.0. This version includes a patch that resolves the vulnerability. Input validation is a temporary workaround.
While no confirmed active exploitation campaigns have been reported, the ease of exploitation means it remains a potential threat.
Refer to the Vulners Database entry VDB-216955 for details and related information: https://vulners.com/VDB-216955