CVE-2020-36542

Опубликовано: 07 июн. 2022

Источник: nvd

CVSS3: 7.3

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Ссылки

https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian
Exploit
Patch
Third Party Advisory
https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3
Patch
Third Party Advisory
https://vuldb.com/?id.159435
Third Party Advisory
https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian
Exploit
Patch
Third Party Advisory
https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3
Patch
Third Party Advisory
https://vuldb.com/?id.159435
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:demokratian:demokratian:-:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.0046

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-269

Связанные уязвимости

GHSA-3j4m-48vr-7w3h

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 64%

0.0046

Низкий

7.3 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-269