exploitDog

CVE-2020-24739

Опубликовано: 10 сент. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.

Ссылки

https://github.com/idreamsoft/iCMS/issues/76
Exploit
Issue Tracking
Third Party Advisory
https://github.com/idreamsoft/iCMS/issues/76
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:idreamsoft:icms:7.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00098

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-9pq6-xhx5-v6v6

github

больше 3 лет назад

A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.

EPSS

Процентиль: 27%

0.00098

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-352