Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-5616
HistoryAug 04, 2020 - 2:15 a.m.

CVE-2020-5616

2020-08-0402:15:11
CWE-287
[email protected]
web.nvd.nist.gov
33
cve
security
authentication bypass
administrative privileges
remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.071 Low

EPSS

Percentile

94.0%

JSON

[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.

Affected configurations

NVD
Node
calendar01_projectcalendar01Match1.0.0free
OR
calendar02_projectcalendar02Match1.0.0free
OR
calendarform01_projectcalendarform01Range1.0.3free
OR
gallery01_projectgallery01Range1.0.3free
OR
link01_projectlink01Match1.0.0free
OR
pkobo-news01_projectpkobo-news01Range1.0.3free
OR
pkobo-vote01_projectpkobo-vote01Range1.0.1free
OR
telop01_projecttelop01Match1.0.0free

CNA Affected

[
  {
    "product": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01]",
    "vendor": "PHP Factory",
    "versions": [
      {
        "status": "affected",
        "version": "[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0"
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
jvn 1
cvelist
cvelist
CVE-2020-5616
2020-08-04 01:05:50
prion
prion
Authentication flaw
2020-08-04 02:15:00
nvd
nvd
CVE-2020-5616
2020-08-04 02:15:11
jvn
jvn
JVN#73169744: Multiple vulnerabilities in multiple PHP Factory products
2020-07-31 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.071 Low

EPSS

Percentile

94.0%

JSON
Related for CVE-2020-5616
cvelist1prion1nvd1jvn1