Published: 07/09/2017 Updated: 18/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server prior to 6.9 allows remote malicious users to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cesanta mongoose embedded web server library

[+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinxaltervistaorg [+] Source: hyp3rlinxaltervistaorg/advisories/MONGOOSE-WEB-SERVER-v65-CSRF-COMMAND-EXECUTIONtxt [+] ISR: apparitionSec Vendor: =============== wwwcesantacom Product: ================== Mongoose Web Server (Free Edition) Mongoose-free-65exe ...

Mongoose Web Server version 65 suffers from cross site request forgery and remote command execution vulnerabilities ...

CWE-352 http://seclists.org/fulldisclosure/2017/Sep/3 http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt https://www.exploit-db.com/exploits/42614/https://nvd.nist.gov https://www.exploit-db.com/exploits/42614/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-11567

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect