CVE-2020-6949

EUVD-2020-28090
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
hashbrowncmshashbrown_cms
𝑥
≤ 1.3.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/HashBrownCMS/hashbrown-cms/issues/327
https://github.com/HashBrownCMS/hashbrown-cms/issues/327