Lucene search

[email protected]CVE-2020-8505

HistoryJan 31, 2020 - 10:15 p.m.

CVE-2020-8505

2020-01-3122:15:12

CWE-352

[email protected]

web.nvd.nist.gov

147

cve-2020-8505

school management software

php

mysql

csrf

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

27.2%

JSON

School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF to delete a user.

Affected configurations

NVD

Node

aroxschool_management_software_php\/mysqlRange≤2019-03-14

CPENameOperatorVersion
arox:school_management_software_php\/mysqlarox school management software php/mysqlle2019-03-14

CPE	Name	Operator	Version
arox:school_management_software_php\/mysql	arox school management software php/mysql	le	2019-03-14

References

github.com/J3rryBl4nks/SchoolERPCSRF

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

27.2%

JSON

Related for CVE-2020-8505

cvelist1 prion1 nvd1 exploitpack1 exploitdb1