Vulnerability CVE-2020-10560
Published: 2020-03-30

Description:
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.

Type:

CWE-327

 (Use of a Broken or Risky Cryptographic Algorithm)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Opensource-socialnetwork -> Open source social network 

 References:
https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery
https://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read
Copyright 2024, cxsecurity.com

 

Back to Top