Vulnerability Details : CVE-2020-35687
Potential exploit
PHPFusion version 9.03.90 is vulnerable to a CSRF attack, which leads to the deletion of all shoutbox messages by the attacker on behalf of the logged-in victim.
Vulnerability category: Cross-site request forgery (CSRF)
Products affected by CVE-2020-35687
- cpe:2.3:a:php-fusion:phpfusion:9.03.90:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-35687
0.12%: probability of exploitation activity in the next 30 days
~28%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-35687
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2020-35687
- The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-35687
- https://www.exploit-db.com/exploits/49426
  PHP-Fusion CMS 9.03.90 - Cross-Site Request Forgery (Delete admin shoutbox message) - PHP webapps Exploit (Exploit; Third Party Advisory; VDB Entry)
- https://github.com/PHPFusion/PHPFusion/issues/2347
  CSRF attack leads to deletion of shoutbox messages · Issue #2347 · PHPFusion/PHPFusion · GitHub (Exploit; Issue Tracking; Third Party Advisory)