CVE-2020-35687 Information

Description

PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference

https://github.com/PHPFusion/PHPFusion/issues/2347 https://www.exploit-db.com/exploits/49426

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3