CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35675

BigProf Online Invoicing System before 3.0 offers a functionality that allows an administrator to move the records of members across groups. The applicable endpoint (admin/pageTransferOwnership.php) lacks CSRF protection, resulting in an attacker being able to escalate their privileges to Administrator and effectively taking over the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.0%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2020-35675

Bigprof » Online Invoicing System » Version: 2.3

cpe:2.3:a:bigprof:online_invoicing_system:2.3
Bigprof » Online Invoicing System » Version: 2.4

cpe:2.3:a:bigprof:online_invoicing_system:2.4
Bigprof » Online Invoicing System » Version: 2.5

cpe:2.3:a:bigprof:online_invoicing_system:2.5
Bigprof » Online Invoicing System » Version: 2.6

cpe:2.3:a:bigprof:online_invoicing_system:2.6
Bigprof » Online Invoicing System » Version: 2.7

cpe:2.3:a:bigprof:online_invoicing_system:2.7
Bigprof » Online Invoicing System » Version: 2.9

cpe:2.3:a:bigprof:online_invoicing_system:2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-35675

Products

Pricing

Contact Us