CVE-2020-24036

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
fork-cmsfork_cms
𝑥
< 5.8.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://forkcms.com
http://seclists.org/fulldisclosure/2021/Mar/31
https://tech.feedyourhead.at/content/ForkCMS-PHP-Object-Injection-CVE-2020-24036
https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-04
http://forkcms.com
http://seclists.org/fulldisclosure/2021/Mar/31
https://tech.feedyourhead.at/content/ForkCMS-PHP-Object-Injection-CVE-2020-24036
https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-04