CVE-2020-20472

EUVD-2020-13259
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The if_get_addbook.php file does not have an authentication operation. Remote attackers can obtain username information for all users of the current site.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
white_shark_systems_projectwhite_shark_systems
1.3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/itodaro/WhiteSharkSystem_cve
https://github.com/itodaro/WhiteSharkSystem_cve