CVE-2019-17503

MEDIUM EXPLOITED NUCLEI

Kirona DRS 5.5.3.5 - Info Disclosure

Title source: llm

Description

An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.

Exploits (1)

exploitdb WORKING POC

by Ramikan · textwebappsphp

https://www.exploit-db.com/exploits/47498

View Code ZIP pw:eip

Nuclei Templates (1)

Kirona Dynamic Resource Scheduler - Information Disclosure

MEDIUMby LogicalHunter

References (2)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/154838/Kirona-DRS-5.5.3.5-Information-Disclosure.html

[Exploit, Third Party Advisory] https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities

Scores

CVSS v3 5.3

EPSS 0.9022

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

VulnCheck KEV 2023-11-26

CWE

CWE-425

Status published

Products (1)

kirona/dynamic_resource_scheduling 5.5.3.5

Published Oct 11, 2019

Tracked Since Feb 18, 2026