Vulnerability CVE-2020-19964

Vulnerability CVE-2020-19964

Published: 2021-10-14

Description:

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Phpmywind -> Phpmywind

References:

https://github.com/gaozhifeng/PHPMyWind

https://github.com/gaozhifeng/PHPMyWind/issues/9

http://phpmywind.com

Copyright 2024, cxsecurity.com