CVE-2020-20472

White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
white_shark_systems_projectwhite_shark_systems
1.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/itodaro/WhiteSharkSystem_cve
https://github.com/itodaro/WhiteSharkSystem_cve