VDB-215116 · CVE-2020-36610 · CVE-2020-21881

annyshow DuxCMS 2.1 跨网站请求伪造

在annyshow DuxCMS 2.1中曾发现一漏洞, 此漏洞被申报为棘手。此漏洞会影响未知代码。手动调试的不合法输入可导致跨网站请求伪造。使用CWE来声明会导致 CWE-352 的问题。此漏洞的脆弱性 2022-12-08所发布。公告共享下载网址是gitee.com。该漏洞被命名为CVE-2020-36610，攻击可以远程发起，无技术细节可用。此外还有一个漏洞可利用。该漏洞利用已公开，可能会被利用。漏洞利用的当前现价为美元计算大致为USD $0-$5k。它被宣布为proof-of-concept。可以在gitee.com下载该漏洞利用。估计零日攻击的地下价格约为$0-$5k。该漏洞被披露后，远在此前发表过可能的缓解措施。

字段	2023-01-01 14時07分	2023-01-01 14時10分	2023-07-31 16時52分
vendor	annyshow	annyshow	annyshow
name	DuxCMS	DuxCMS	DuxCMS
version	2.1	2.1	2.1
cwe	352 (跨网站请求伪造)	352 (跨网站请求伪造)	352 (跨网站请求伪造)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
url	https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG	https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG	https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG
availability	1	1	1
publicity	1	1	1
url	https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG	https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG	https://gitee.com/annyshow/DuxCMS2.1/issues/I183GG
cve	CVE-2020-36610	CVE-2020-36610	CVE-2020-36610
responsible	VulDB	VulDB	VulDB
date	1670454000 (2022-12-08)	1670454000 (2022-12-08)	1670454000 (2022-12-08)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9
cvss3_meta_basescore	4.3	5.5	5.5
cvss3_meta_tempscore	3.9	5.4	5.4
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned	1670454000 (2022-12-08)	1670454000 (2022-12-08)	1670454000 (2022-12-08)
cve_nvd_summary	A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.	A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.	A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.
cvss3_nvd_av		N	N
cvss3_nvd_ac		L	L
cvss3_nvd_pr		L	L
cvss3_nvd_ui		R	R
cvss3_nvd_s		U	U
cvss3_nvd_c		H	H
cvss3_nvd_i		H	H
cvss3_nvd_a		H	H
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		R	R
cvss3_cna_s		U	U
cvss3_cna_c		N	N
cvss3_cna_i		L	L
cvss3_cna_a		N	N
cve_cna		VulDB	VulDB
cvss3_nvd_basescore		8.0	8.0
cvss3_cna_basescore		4.3	4.3
cve_duplicate			CVE-2020-21881

◂ 上一步一览下一步 ▸

Do you know our Splunk app?

Download it now for free!