Attacker Value
Moderate
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
Required
Privileges Required
None
Attack Vector
Network
3

CVE-2020-35687

Disclosure Date: January 13, 2021
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated
Impact
Techniques
Validation
Validated
Initial Access
Techniques
Validation
Validated
Validated

Description

PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.

Add Assessment

CVSS V3 Severity and Metrics
Base Score:
4.3 Medium
Impact Score:
1.4
Exploitability Score:
2.8
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
Low
Availability (A):
None

General Information

Vendors

  • php-fusion

Products

  • phpfusion 9.03.90

Exploited in the Wild

Reported by:

Additional Info

Technical Analysis