CVE-2020-25987

Опубликовано: 06 окт. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.

Ссылки

http://packetstormsecurity.com/files/159430/MonoCMS-Blog-1.0-File-Deletion-CSRF-Hardcoded-Credentials.html
Exploit
Third Party Advisory
VDB Entry
https://monocms.com/download
Product
Vendor Advisory
http://packetstormsecurity.com/files/159430/MonoCMS-Blog-1.0-File-Deletion-CSRF-Hardcoded-Credentials.html
Exploit
Third Party Advisory
VDB Entry
https://monocms.com/download
Product
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:monocms:monocms:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00306

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-j7hx-82r8-x847

github

больше 3 лет назад

MonoCMS Blog version as of 29-09-2020 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog. Hash type is bcrypt and hashcat mode 3200 can be used to crack the hash.