CVE-2020-10560

Published: Mar 30, 2020Modified: Jun 17, 2026

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.

Affected (1)

Products: Opensource Socialnetwork: Open Source Social Network

Opensource Socialnetwork

1 product

Open Source Social Network

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensource Socialnetwork Open Source Social Network	Up to 5.3

Related CWEs

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References (4)

https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery

Source: cve@mitre.org

Third Party Advisory

https://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.