CVE-2020-5616 Information

Description

[Calendar01] [Calendar02] [PKOBO-News01] [PKOBO-vote01] [Telop01] [Gallery01] [CalendarForm01] and [Link01] [Calendar01] free edition ver1.0.0 [Calendar02] free edition ver1.0.0 [PKOBO-News01] free edition ver1.0.3 and earlier [PKOBO-vote01] free edition ver1.0.1 and earlier [Telop01] free edition ver1.0.0 [Gallery01] free edition ver1.0.3 and earlier [CalendarForm01] free edition ver1.0.3 and earlier and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://jvn.jp/en/jp/JVN73169744/index.html https://www.php-factory.net/calendar/01.php https://www.php-factory.net/calendar/02.php https://www.php-factory.net/calendar_form/01.php https://www.php-factory.net/gallery/01.php https://www.php-factory.net/link/01.php https://www.php-factory.net/news/pkobo-news01.php https://www.php-factory.net/telop/01.php https://www.php-factory.net/vote/01.php

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8