CVE-2020-23426

Critical

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify…

mitre·CWE-352·Published 2021-04-08

CVSS

9.8

EPSS

0.04

KEV

Exploits

cve.orgen

178 chars

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.

NVDen

178 chars

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.

zzcms versión 201910, contiene una vulnerabilidad de control de acceso por medio de una escalada de privilegios en el archivo /user/adv.php, que permite a un atacante modificar datos para futuros ataques tal y como un CSRF

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H