CVE-2020-24140

Description


Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services.

Related CPE's


CvssV3 impact


BaseSeverity

HIGH

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

CHANGED

AttackVector

NETWORK

AvailabilityImpact

LOW

IntegrityImpact

LOW

PrivilegesRequired

NONE

BaseScore

8.3

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Version

3.1

UserInteraction

NONE

CvssV2 impact


AccessComplexity

LOW

ConfidentialityImpact

PARTIAL

AvailabilityImpact

PARTIAL

IntegrityImpact

PARTIAL

BaseScore

7.5

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

Version

2.0

AccessVector

NETWORK

Authentication

NONE