exploitDog

CVE-2020-8088

Опубликовано: 27 янв. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

Ссылки

https://xavibel.com/2020/01/22/usebb-forum-php-type-juggling-vulnerability/
Exploit
Third Party Advisory
https://xavibel.com/2020/01/22/usebb-forum-php-type-juggling-vulnerability/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:usebb:usebb:1.0.12:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.0015

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-j4gr-93r2-5wx9

github

больше 3 лет назад

panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.

EPSS

Процентиль: 36%

0.0015

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo