A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be initiated remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 2024c370e6c78b07b358c9d4257fa5d1be732c38. It is recommended to apply a patch to fix this issue.
History

Thu, 19 Sep 2024 16:00:00 +0000

Type Values Removed Values Added
First Time appeared Master-nan
Master-nan sweet-cms
CPEs cpe:2.3:a:master-nan:sweet-cms:*:*:*:*:*:*:*:*
Vendors & Products Master-nan
Master-nan sweet-cms

Fri, 30 Aug 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Sweetcms
Sweetcms sweetcms
CPEs cpe:2.3:a:sweetcms:sweetcms:*:*:*:*:*:*:*:*
Vendors & Products Sweetcms
Sweetcms sweetcms
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 30 Aug 2024 13:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be initiated remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 2024c370e6c78b07b358c9d4257fa5d1be732c38. It is recommended to apply a patch to fix this issue.
Title master-nan Sweet-CMS log.go LogHandler neutralization for logs
Weaknesses CWE-117
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-08-30T12:31:05.079Z

Updated: 2024-08-30T13:16:23.875Z

Reserved: 2024-08-30T05:35:35.265Z

Link: CVE-2024-8334

cve-icon Vulnrichment

Updated: 2024-08-30T13:16:18.845Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-30T13:15:12.587

Modified: 2024-09-19T15:39:20.913

Link: CVE-2024-8334

cve-icon Redhat

No data.