exploitDog

CVE-2020-23426

Опубликовано: 08 апр. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.

Ссылки

https://github.com/Ling-Yizhou/zzcms-vuln/blob/master/Privilege%20Escalation/priviege%20escalation.md
Exploit
Third Party Advisory
https://github.com/Ling-Yizhou/zzcms-vuln/blob/master/Privilege%20Escalation/priviege%20escalation.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zzcms:zzcms:201910:*:*:*:*:*:*:*

EPSS

Процентиль: 31%

0.0012

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-wf3r-vmmg-hh9p

CVSS3: 9.8

github

больше 3 лет назад

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.

EPSS

Процентиль: 31%

0.0012

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-352