CVE-2020-35687

Published: Jan 13, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.

Affected (1)

Products: Php Fusion: Phpfusion

Php Fusion

1 product

Phpfusion

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Php Fusion Phpfusion	Version 9.03.90

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://github.com/PHPFusion/PHPFusion/issues/2347

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://www.exploit-db.com/exploits/49426

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://github.com/PHPFusion/PHPFusion/issues/2347

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://www.exploit-db.com/exploits/49426

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.