Published: 11/10/2019 Updated: 21/07/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Subscribe to Dynamic Resource Scheduling

An issue exists in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kirona dynamic resource scheduling 5.5.3.5

Check Point Reference: CPAI-2019-3144 Date Published: 22 Jan 2024 Severity: Medium ...

# Exploit Title: Kirona-DRS 5535 - Information Disclosure # Discovered Date: 2019-10-03 # Shodan Search: /opt-portal/pages/loginxhtml # Exploit Author: Ramikan # Vendor Homepage: wwwkironacom/products/dynamic-resource-scheduler/ # Affected Version: DRS 5535 may be other versions # Tested On Version: DRS 5535 on PHP/5614 # Ven ...

Kirona-DRS version 5535 suffers from an information disclosure vulnerability ...

CWE-425 https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html https://nvd.nist.gov https://www.exploit-db.com/exploits/47498 https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2019-3144.html

CVE-2019-17503

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect