exploitDog

CVE-2017-8081

Опубликовано: 30 апр. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.

Ссылки

https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1224
Issue Tracking
Vendor Advisory
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1224
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cagintranetworks:getsimple_cms:3.3.13_:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00351

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-338

Связанные уязвимости

GHSA-3rrq-p5gv-7828

CVSS3: 8.8

github

больше 3 лет назад

Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.

EPSS

Процентиль: 57%

0.00351

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-338