CVE-2020-5640

2020-10-2007:55:20

jpcert

www.cve.org

file inclusion

remote attacker

arbitrary code

sensitive information

unauthenticated

AI Score

9.7

Confidence

High

EPSS

0.02

Percentile

88.9%

JSON

Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.

CNA Affected

[
  {
    "product": "OneThird CMS",
    "vendor": "SpiQe Software",
    "versions": [
      {
        "status": "affected",
        "version": "v1.96c and earlier"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU99467898/index.html

onethird.net/en/p1340.html