Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-5576

Опубликовано: 14 мая 2020
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия до 1.29 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:premium:*:*:*
Версия до 1.29 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
Версия от 6.3 (включая) до 6.3.11 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 6.3 (включая) до 6.3.11 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
Версия от 6.5.0 (включая) до 6.5.3 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 6.5.0 (включая) до 6.5.3 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:*:aws:*:*
Версия от 7.0 (включая) до 7.2.1 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:-:*:*:*
Версия от 7.0 (включая) до 7.2.1 (включая)
cpe:2.3:a:sixapart:movable_type:*:*:*:*:advanced:*:*:*
Версия от 7.0 (включая) до 7.2.1 (включая)

EPSS

Процентиль: 36%
0.00149
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

ubuntu логотип

CVE-2020-5576

CVSS3: 8.8
ubuntu
больше 5 лет назад

Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

debian логотип

CVE-2020-5576

CVSS3: 8.8
debian
больше 5 лет назад

Cross-site request forgery (CSRF) vulnerability in Movable Type series ...

github логотип

GHSA-3pqr-r447-f4mh

github
больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

EPSS

Процентиль: 36%
0.00149
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352