Vulnerability Details CVE-2020-10560
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.061
EPSS Ranking 90.3%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2020-10560
-
cpe:2.3:a:opensource-socialnetwork:open_source_social_network:-
-
cpe:2.3:a:opensource-socialnetwork:open_source_social_network:4.3
-
cpe:2.3:a:opensource-socialnetwork:open_source_social_network:4.3.1
-
cpe:2.3:a:opensource-socialnetwork:open_source_social_network:4.4
-
cpe:2.3:a:opensource-socialnetwork:open_source_social_network:4.6
-
cpe:2.3:a:opensource-socialnetwork:open_source_social_network:5.0
-
cpe:2.3:a:opensource-socialnetwork:open_source_social_network:5.1
-
cpe:2.3:a:opensource-socialnetwork:open_source_social_network:5.2
-
cpe:2.3:a:opensource-socialnetwork:open_source_social_network:5.3