exploitDog

CVE-2020-8439

Опубликовано: 07 мар. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.

Ссылки

http://uploadboy.me/cn40ne6p89t6/POC.mp4.html
Exploit
Third Party Advisory
https://cert.ikiu.ac.ir/public-files/pages/attachments/11/02630f153869936d555a79f89d717f9c.pdf
Mitigation
Third Party Advisory
http://uploadboy.me/cn40ne6p89t6/POC.mp4.html
Exploit
Third Party Advisory
https://cert.ikiu.ac.ir/public-files/pages/attachments/11/02630f153869936d555a79f89d717f9c.pdf
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:monstra:monstra:*:*:*:*:*:*:*:*

Версия до 3.0.4 (включая)

EPSS

Процентиль: 70%

0.00649

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-p533-q52w-q6fm

github

больше 3 лет назад

Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via a modified login parameter to an edit URI, as demonstrated by login=victim to the users/21/edit URI.

EPSS

Процентиль: 70%

0.00649

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-425