vendor:
BolinOS
by:
Digital Security Research Group [DSecRG]
7.5
CVSS
HIGH
Local File Include,Multiple XSS, System information disclosure
79, 79, 200
CWE
Product Name: BolinOS
Affected Version From: 4.6.2001
Affected Version To: 4.6.2001
Patch Exists: NO
Related CWE: N/A
CPE: a:bolinos:bolinos:4.6.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
DSECRG-08-022
BolinOS system has multiple security vulnerabilities: 1. Local File Include vulnerability found in system/_b/contentFiles/gbincluder.php, 2. Multiple Linked XSS vulnerabilities, 2.1 Linked XSS vulnerability found in page /system/actionspages/_b/contentFiles/gBImageViewer.php, 2.2 Linked XSS vulnerability found in page /system/actionspages/_b/contentFiles/gBselectorContents.php, 3. Multiple XSS in POST, 3.1 XSS vulnerability found in page /system/actionspages/_b/contentFiles/gBselectorContents.php, 4. System information disclosure vulnerability found in page /system/actionspages/_b/contentFiles/gBselectorContents.php
Mitigation:
Update BolinOS to the latest version