Zurück zur CVE-Übersicht
CVE-2020-24036
HIGH(8.8)CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score23/100 — NIEDRIG
- CVSS 8.8 — Hoch
EPSS-Score
3%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
8.8
Technische Schwere
Beschreibung
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
Referenzen
- http://packetstormsecurity.com/files/161764/ForkCMS-PHP-Object-Injection.html
- http://seclists.org/fulldisclosure/2021/Mar/31
- https://tech.feedyourhead.at/content/ForkCMS-PHP-Object-Injection-CVE-2020-24036
- https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-s...
- http://forkcms.com
- http://seclists.org/fulldisclosure/2021/Mar/31
- https://tech.feedyourhead.at/content/ForkCMS-PHP-Object-Injection-CVE-2020-24036
- https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-s...