Lucene search

[email protected]NVD:CVE-2020-5616

HistoryAug 04, 2020 - 2:15 a.m.

CVE-2020-5616

2020-08-0402:15:11

CWE-287

[email protected]

web.nvd.nist.gov

remote attack

authentication bypass

administrative privileges

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.08

Percentile

94.4%

JSON

[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.

Affected configurations

Nvd

Node

calendar01_projectcalendar01Match1.0.0free

calendar02_projectcalendar02Match1.0.0free

calendarform01_projectcalendarform01Range≤1.0.3free

gallery01_projectgallery01Range≤1.0.3free

link01_projectlink01Match1.0.0free

pkobo-news01_projectpkobo-news01Range≤1.0.3free

pkobo-vote01_projectpkobo-vote01Range≤1.0.1free

telop01_projecttelop01Match1.0.0free

VendorProductVersionCPE
calendar01_projectcalendar011.0.0cpe:2.3:a:calendar01_project:calendar01:1.0.0:*:*:*:free:*:*:*
calendar02_projectcalendar021.0.0cpe:2.3:a:calendar02_project:calendar02:1.0.0:*:*:*:free:*:*:*
calendarform01_projectcalendarform01*cpe:2.3:a:calendarform01_project:calendarform01:*:*:*:*:free:*:*:*
gallery01_projectgallery01*cpe:2.3:a:gallery01_project:gallery01:*:*:*:*:free:*:*:*
link01_projectlink011.0.0cpe:2.3:a:link01_project:link01:1.0.0:*:*:*:free:*:*:*
pkobo-news01_projectpkobo-news01*cpe:2.3:a:pkobo-news01_project:pkobo-news01:*:*:*:*:free:*:*:*
pkobo-vote01_projectpkobo-vote01*cpe:2.3:a:pkobo-vote01_project:pkobo-vote01:*:*:*:*:free:*:*:*
telop01_projecttelop011.0.0cpe:2.3:a:telop01_project:telop01:1.0.0:*:*:*:free:*:*:*

Vendor	Product	Version	CPE
calendar01_project	calendar01	1.0.0	cpe:2.3:a:calendar01_project:calendar01:1.0.0::::free:::
calendar02_project	calendar02	1.0.0	cpe:2.3:a:calendar02_project:calendar02:1.0.0::::free:::
calendarform01_project	calendarform01	*	cpe:2.3:a:calendarform01_project:calendarform01:::::free:::*
gallery01_project	gallery01	*	cpe:2.3:a:gallery01_project:gallery01:::::free:::*
link01_project	link01	1.0.0	cpe:2.3:a:link01_project:link01:1.0.0::::free:::
pkobo-news01_project	pkobo-news01	*	cpe:2.3:a:pkobo-news01_project:pkobo-news01:::::free:::*
pkobo-vote01_project	pkobo-vote01	*	cpe:2.3:a:pkobo-vote01_project:pkobo-vote01:::::free:::*
telop01_project	telop01	1.0.0	cpe:2.3:a:telop01_project:telop01:1.0.0::::free:::

References

jvn.jp/en/jp/JVN73169744/index.html

www.php-factory.net/calendar/01.php

www.php-factory.net/calendar/02.php

www.php-factory.net/calendar_form/01.php

www.php-factory.net/gallery/01.php

www.php-factory.net/link/01.php

www.php-factory.net/news/pkobo-news01.php

www.php-factory.net/telop/01.php

www.php-factory.net/vote/01.php

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.08

Percentile

94.4%

JSON

Related for NVD:CVE-2020-5616

prion1 cve1 cvelist1 jvn1