Vulnerabilities

CVE-2020-24271

February 6, 2021

A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***.

Summary:

Reference Links(if available):

https://github.com/users/yohoho221/projects/1

CVSS Score (if available)

v2: / MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P

v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Links to Exploits(if available)

Tags: CVE, CVE-2020-24271, exploit, MISC, vulnerability

CVE-2020-24271

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: CISA and Partners Release Advisory on Akira Ransomware

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

CISA: CISA Releases Three Industrial Control Systems Advisories

CISA: CISA Releases Four Industrial Control Systems Advisories

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

CISA: Joint Guidance on Deploying AI Systems Securely

CISA: CISA and Partners Release Advisory on Akira Ransomware