CVE-2020-5203 Information

Description

In Fat-Free Framework 3.7.1 attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g. $_REQUEST $_GET or $_POST) to the framework’s Clear method.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/bcosca/fatfree/releases https://github.com/bcosca/fatfree-core/commit/dae95a0baf3963a9ef87c17cee52f78f77e21829

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8