CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-20586

A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.9%

CVSS Severity

CVSS v3 Score 4.5

CVSS v2 Score 3.5

References

http://www.xyhcms.com/Show/download/id/2/at/0.html
http://xyhcms.com
https://github.com/0xyu/PHP_Learning/issues/4
http://www.xyhcms.com/Show/download/id/2/at/0.html
http://xyhcms.com
https://github.com/0xyu/PHP_Learning/issues/4

Products affected by CVE-2020-20586

Xyhcms » Xyhcms » Version: 3.6

cpe:2.3:a:xyhcms:xyhcms:3.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-20586

Products

Pricing

Contact Us