exploitDog

CVE-2018-20519

Опубликовано: 27 дек. 2018

Источник: nvd

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter.

Ссылки

https://github.com/coolboy0816/audit/issues/2
Exploit
Issue Tracking
Third Party Advisory
https://github.com/coolboy0816/audit/issues/2
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:74cms:74cms:4.2.111:*:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.00183

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-fvjc-j5cj-ghc3

CVSS3: 8.1

github

больше 3 лет назад

An issue was discovered in 74cms v4.2.111. It allows remote authenticated users to read or modify arbitrary resumes by changing a job-search intention, as demonstrated by the index.php?c=Personal&a=ajax_save_basic pid parameter.

EPSS

Процентиль: 40%

0.00183

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20

Уязвимость CVE-2018-20519