CVE-2020-36534

Published: Jun 7, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Affected (1)

Products: Easyiicms: Easyiicms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Easyiicms Easyiicms	All versions

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://github.com/noumo/easyii/

Source: cna@vuldb.com

Product

https://vuldb.com/?id.160278

Source: cna@vuldb.com

ExploitThird Party AdvisoryVDB Entry

https://github.com/noumo/easyii/

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://vuldb.com/?id.160278

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.