CVE-2020-36542

Published: Jun 7, 2022Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Affected (1)

Products: Demokratian: Demokratian

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Demokratian Demokratian	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian

Source: cna@vuldb.com

ExploitPatchThird Party Advisory

https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3

Source: cna@vuldb.com

PatchThird Party Advisory

https://vuldb.com/?id.159435

Source: cna@vuldb.com

Third Party Advisory

https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchThird Party Advisory

https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://vuldb.com/?id.159435

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.