CVE-2020-6949

Published: Jan 13, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.

Affected (1)

Products: Hashbrowncms: Hashbrown Cms

Hashbrowncms

1 product

Hashbrown Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hashbrowncms Hashbrown Cms	Up to 1.3.3

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://github.com/HashBrownCMS/hashbrown-cms/issues/327

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/HashBrownCMS/hashbrown-cms/issues/327

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.