Lucene search

[email protected]NVD:CVE-2020-18326

HistoryMar 04, 2022 - 3:15 p.m.

CVE-2020-18326

2022-03-0415:15:08

CWE-352

[email protected]

web.nvd.nist.gov

intelliants subrion cms

csrf vulnerability

remote unauthenticated user

administrator function

arbitrary administrator user

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.3%

JSON

Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user.

Affected configurations

Nvd

Node

intelliantssubrion_cmsMatch4.2.1

VendorProductVersionCPE
intelliantssubrion_cms4.2.1cpe:2.3:a:intelliants:subrion_cms:4.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
intelliants	subrion_cms	4.2.1	cpe:2.3:a:intelliants:subrion_cms:4.2.1:::::::*

References

intelliants.com

subrion.com

github.com/hamm0nz/CVE-2020-18326

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

55.3%

JSON

Related for NVD:CVE-2020-18326

osv2 prion1 cnvd1 cvelist1 github1 cve1