Vulnerability Details CVE-2020-35952
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
Products affected by CVE-2020-35952
- cpe:2.3:a:php-fusion:php-fusion:9.0
- cpe:2.3:a:php-fusion:php-fusion:9.00
- cpe:2.3:a:php-fusion:php-fusion:9.03
- cpe:2.3:a:php-fusion:php-fusion:9.03.00
- cpe:2.3:a:php-fusion:php-fusion:9.03.10
- cpe:2.3:a:php-fusion:php-fusion:9.03.20
- cpe:2.3:a:php-fusion:php-fusion:9.03.30
- cpe:2.3:a:php-fusion:php-fusion:9.03.40
- cpe:2.3:a:php-fusion:php-fusion:9.03.50
- cpe:2.3:a:php-fusion:php-fusion:9.03.60
- cpe:2.3:a:php-fusion:php-fusion:9.03.70
- cpe:2.3:a:php-fusion:php-fusion:9.03.80