Lucene search

GoogleOSV:CVE-2021-31679

HistoryJul 06, 2022 - 1:15 p.m.

CVE-2021-31679

2022-07-0613:15:09

Google

osv.dev

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

JSON

An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members’ account numbers.

CPENameOperatorVersion
pescms-teameq2.2.1
pescms-teameq1.0.3
pescms-teameq2.2.3
pescms-teameq2.3.0
pescms-teameq2.0.2
pescms-teameq2.2.2
pescms-teameq2.0.0
pescms-teameq2.1.0
pescms-teameq2.1.1
pescms-teameq2.3.2

Name	Operator	Version
pescms-team	eq	2.2.1
pescms-team	eq	1.0.3
pescms-team	eq	2.2.3
pescms-team	eq	2.3.0
pescms-team	eq	2.0.2
pescms-team	eq	2.2.2
pescms-team	eq	2.0.0
pescms-team	eq	2.1.0
pescms-team	eq	2.1.1
pescms-team	eq	2.3.2

Rows per page:

1-10 of 141

References

github.com/lazyphp/PESCMS-TEAM/issues/7

github.com/RO6OTXX/pescms_vulnerability

github.com/two-kisses/pescms_vulnerability%2C

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.2%

JSON

Related for OSV:CVE-2021-31679