cvelistv5 - CVE-2020-5616

CVE-2020-5616 (GCVE-0-2020-5616)

Vulnerability from cvelistv5

Published

2020-08-04 01:05

Modified

2024-08-04 08:39

Severity ?

CWE

Authentication bypass

Summary

[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.

References

URL

Tags

vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN73169744/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/calendar/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/calendar/02.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/calendar_form/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/gallery/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/link/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/news/pkobo-news01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/telop/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/vote/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN73169744/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/calendar/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/calendar/02.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/calendar_form/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/gallery/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/link/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/news/pkobo-news01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/telop/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/vote/01.php	Product, Third Party Advisory

Impacted products

	Vendor	Product	Version
	PHP Factory	[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01]	Version: [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:39:24.038Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.php-factory.net/calendar/01.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.php-factory.net/calendar/02.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN73169744/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.php-factory.net/news/pkobo-news01.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.php-factory.net/vote/01.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.php-factory.net/telop/01.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.php-factory.net/gallery/01.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.php-factory.net/calendar_form/01.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.php-factory.net/link/01.php"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01]",
          "vendor": "PHP Factory",
          "versions": [
            {
              "status": "affected",
              "version": "[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-04T01:05:49",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.php-factory.net/calendar/01.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.php-factory.net/calendar/02.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN73169744/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.php-factory.net/news/pkobo-news01.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.php-factory.net/vote/01.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.php-factory.net/telop/01.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.php-factory.net/gallery/01.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.php-factory.net/calendar_form/01.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.php-factory.net/link/01.php"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5616",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01]",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Factory"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.php-factory.net/calendar/01.php",
              "refsource": "MISC",
              "url": "https://www.php-factory.net/calendar/01.php"
            },
            {
              "name": "https://www.php-factory.net/calendar/02.php",
              "refsource": "MISC",
              "url": "https://www.php-factory.net/calendar/02.php"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN73169744/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN73169744/index.html"
            },
            {
              "name": "https://www.php-factory.net/news/pkobo-news01.php",
              "refsource": "MISC",
              "url": "https://www.php-factory.net/news/pkobo-news01.php"
            },
            {
              "name": "https://www.php-factory.net/vote/01.php",
              "refsource": "MISC",
              "url": "https://www.php-factory.net/vote/01.php"
            },
            {
              "name": "https://www.php-factory.net/telop/01.php",
              "refsource": "MISC",
              "url": "https://www.php-factory.net/telop/01.php"
            },
            {
              "name": "https://www.php-factory.net/gallery/01.php",
              "refsource": "MISC",
              "url": "https://www.php-factory.net/gallery/01.php"
            },
            {
              "name": "https://www.php-factory.net/calendar_form/01.php",
              "refsource": "MISC",
              "url": "https://www.php-factory.net/calendar_form/01.php"
            },
            {
              "name": "https://www.php-factory.net/link/01.php",
              "refsource": "MISC",
              "url": "https://www.php-factory.net/link/01.php"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2020-5616",
    "datePublished": "2020-08-04T01:05:50",
    "dateReserved": "2020-01-06T00:00:00",
    "dateUpdated": "2024-08-04T08:39:24.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5616\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2020-08-04T02:15:11.657\",\"lastModified\":\"2024-11-21T05:34:22.093\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01] y [Link01] [Calendar01] edici\u00f3n gratuita versi\u00f3n 1.0.0, [Calendar02] edici\u00f3n gratuita versi\u00f3n 1.0.0, [PKOBO-News01] edici\u00f3n gratuita versiones 1.0.3 y anteriores, [PKOBO-vote01] edici\u00f3n gratuita versiones 1.0.1 y anteriores, [Telop01] edici\u00f3n gratuita versi\u00f3n 1.0.0, [Gallery01] edici\u00f3n gratuita versiones 1.0.3 y anteriores, [CalendarForm01] edici\u00f3n gratuita versiones 1.0.3 y anteriores, y [Link01] edici\u00f3n gratuita versi\u00f3n 1.0.0, permite a atacantes remotos omitir la autenticaci\u00f3n e iniciar sesi\u00f3n en el producto con privilegios administrativos por medio de vectores no especificados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:calendar01_project:calendar01:1.0.0:*:*:*:free:*:*:*\",\"matchCriteriaId\":\"362A0450-C4C0-495A-96C9-5D16FD495C60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:calendar02_project:calendar02:1.0.0:*:*:*:free:*:*:*\",\"matchCriteriaId\":\"8025765C-C495-4C77-93C4-628456D960F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:calendarform01_project:calendarform01:*:*:*:*:free:*:*:*\",\"versionEndIncluding\":\"1.0.3\",\"matchCriteriaId\":\"31F5125D-A31B-4953-86EC-9F92866FA84E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gallery01_project:gallery01:*:*:*:*:free:*:*:*\",\"versionEndIncluding\":\"1.0.3\",\"matchCriteriaId\":\"5FBE93BB-42C4-47EF-AA9C-22AB5A2326C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:link01_project:link01:1.0.0:*:*:*:free:*:*:*\",\"matchCriteriaId\":\"01C4410F-5427-40B9-8FFA-1F01DF59D99F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pkobo-news01_project:pkobo-news01:*:*:*:*:free:*:*:*\",\"versionEndIncluding\":\"1.0.3\",\"matchCriteriaId\":\"2552B4DC-7388-4CB0-9047-1F32BF12A71B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pkobo-vote01_project:pkobo-vote01:*:*:*:*:free:*:*:*\",\"versionEndIncluding\":\"1.0.1\",\"matchCriteriaId\":\"8A4EDDC1-B85E-4D5C-8B83-8D066A143FC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:telop01_project:telop01:1.0.0:*:*:*:free:*:*:*\",\"matchCriteriaId\":\"BAD24BF8-A32E-44EF-A233-44ABB5283739\"}]}]}],\"references\":[{\"url\":\"https://jvn.jp/en/jp/JVN73169744/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/calendar/01.php\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/calendar/02.php\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/calendar_form/01.php\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/gallery/01.php\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/link/01.php\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/news/pkobo-news01.php\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/telop/01.php\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/vote/01.php\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN73169744/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/calendar/01.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/calendar/02.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/calendar_form/01.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/gallery/01.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/link/01.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/news/pkobo-news01.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/telop/01.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.php-factory.net/vote/01.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]}]}}"
  }
}

ghsa-73rh-fgwv-4hpw

Vulnerability from github

Published

2022-05-24 17:24

Modified

2022-05-24 17:24

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-5616"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-04T02:15:00Z",
    "severity": "HIGH"
  },
  "details": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.",
  "id": "GHSA-73rh-fgwv-4hpw",
  "modified": "2022-05-24T17:24:57Z",
  "published": "2022-05-24T17:24:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5616"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN73169744/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.php-factory.net/calendar/01.php"
    },
    {
      "type": "WEB",
      "url": "https://www.php-factory.net/calendar/02.php"
    },
    {
      "type": "WEB",
      "url": "https://www.php-factory.net/calendar_form/01.php"
    },
    {
      "type": "WEB",
      "url": "https://www.php-factory.net/gallery/01.php"
    },
    {
      "type": "WEB",
      "url": "https://www.php-factory.net/link/01.php"
    },
    {
      "type": "WEB",
      "url": "https://www.php-factory.net/news/pkobo-news01.php"
    },
    {
      "type": "WEB",
      "url": "https://www.php-factory.net/telop/01.php"
    },
    {
      "type": "WEB",
      "url": "https://www.php-factory.net/vote/01.php"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-5616

Vulnerability from jvndb

Published

2020-07-31 16:29

Modified

2020-07-31 16:29

Severity ?

4.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

Multiple vulnerabilities in multiple PHP Factory products

Details

Multiple products provided by PHP Factory contain multiple vulnerabilities listed below. * Cross-site Request Forgery (CWE-352) - CVE-2020-5615 * Authentication bypass (CWE-287) - CVE-2020-5616 Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN73169744/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5615
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5616
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5615
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-5616
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-Site Request Forgery(CWE-352)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	PHP Kobo	[Calendar01] (for 3 Devices) PHP Business Days, Schedule Calendar
	PHP Kobo	PHP Business Days, Schedule Calendar Free (Text input)
	PHP Kobo	(Acceptance Limit)Appoinment, Application Form, Business Calendar Free
	PHP Kobo	Photo Gallery CMS for PC, smartphone and feature phone (Free)
	PHP Kobo	PHP Link CMS Free
	PHP Kobo	PHP New Information, Notice, News CMS Program Free
	PHP Kobo	PHP Vote, Questionnaire System (Preventing Countinuous Voting), CMS Free
	PHP Kobo	[Telop01] PHP Telop, News Sticker, Headline CMS

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000051.html",
  "dc:date": "2020-07-31T16:29+09:00",
  "dcterms:issued": "2020-07-31T16:29+09:00",
  "dcterms:modified": "2020-07-31T16:29+09:00",
  "description": "Multiple products provided by PHP Factory contain multiple vulnerabilities listed below. \r\n* Cross-site Request Forgery (CWE-352) - CVE-2020-5615\r\n* Authentication bypass (CWE-287) - CVE-2020-5616 \r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-000051.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:php_kobo:calendar01",
      "@product": "[Calendar01] (for 3 Devices) PHP Business Days, Schedule Calendar",
      "@vendor": "PHP Kobo",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:php_kobo:calendar02",
      "@product": "PHP Business Days, Schedule Calendar Free (Text input)",
      "@vendor": "PHP Kobo",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:php_kobo:calendarform01",
      "@product": "(Acceptance Limit)Appoinment, Application Form, Business Calendar Free",
      "@vendor": "PHP Kobo",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:php_kobo:gallery01",
      "@product": "Photo Gallery CMS for PC, smartphone and feature phone (Free)",
      "@vendor": "PHP Kobo",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:php_kobo:link01",
      "@product": "PHP Link CMS Free",
      "@vendor": "PHP Kobo",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:php_kobo:pkobo-news01",
      "@product": "PHP New Information, Notice, News CMS Program Free",
      "@vendor": "PHP Kobo",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:php_kobo:pkobo-vote01",
      "@product": "PHP Vote, Questionnaire System (Preventing Countinuous Voting), CMS Free",
      "@vendor": "PHP Kobo",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:php_kobo:telop01",
      "@product": "[Telop01] PHP Telop, News Sticker, Headline CMS",
      "@vendor": "PHP Kobo",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2020-000051",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN73169744/index.html",
      "@id": "JVN#73169744",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5615",
      "@id": "CVE-2020-5615",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5616",
      "@id": "CVE-2020-5616",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5615",
      "@id": "CVE-2020-5615",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2020-5616",
      "@id": "CVE-2020-5616",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "Multiple vulnerabilities in multiple PHP Factory products"
}

fkie_cve-2020-5616

Vulnerability from fkie_nvd

Published

2020-08-04 02:15

Modified

2024-11-21 05:34

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN73169744/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/calendar/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/calendar/02.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/calendar_form/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/gallery/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/link/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/news/pkobo-news01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/telop/01.php	Product, Third Party Advisory
vultures@jpcert.or.jp	https://www.php-factory.net/vote/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN73169744/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/calendar/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/calendar/02.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/calendar_form/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/gallery/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/link/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/news/pkobo-news01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/telop/01.php	Product, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php-factory.net/vote/01.php	Product, Third Party Advisory

Impacted products

Vendor	Product	Version
calendar01_project	calendar01	1.0.0
calendar02_project	calendar02	1.0.0
calendarform01_project	calendarform01	*
gallery01_project	gallery01	*
link01_project	link01	1.0.0
pkobo-news01_project	pkobo-news01	*
pkobo-vote01_project	pkobo-vote01	*
telop01_project	telop01	1.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:calendar01_project:calendar01:1.0.0:*:*:*:free:*:*:*",
              "matchCriteriaId": "362A0450-C4C0-495A-96C9-5D16FD495C60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:calendar02_project:calendar02:1.0.0:*:*:*:free:*:*:*",
              "matchCriteriaId": "8025765C-C495-4C77-93C4-628456D960F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:calendarform01_project:calendarform01:*:*:*:*:free:*:*:*",
              "matchCriteriaId": "31F5125D-A31B-4953-86EC-9F92866FA84E",
              "versionEndIncluding": "1.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gallery01_project:gallery01:*:*:*:*:free:*:*:*",
              "matchCriteriaId": "5FBE93BB-42C4-47EF-AA9C-22AB5A2326C8",
              "versionEndIncluding": "1.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:link01_project:link01:1.0.0:*:*:*:free:*:*:*",
              "matchCriteriaId": "01C4410F-5427-40B9-8FFA-1F01DF59D99F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pkobo-news01_project:pkobo-news01:*:*:*:*:free:*:*:*",
              "matchCriteriaId": "2552B4DC-7388-4CB0-9047-1F32BF12A71B",
              "versionEndIncluding": "1.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:pkobo-vote01_project:pkobo-vote01:*:*:*:*:free:*:*:*",
              "matchCriteriaId": "8A4EDDC1-B85E-4D5C-8B83-8D066A143FC1",
              "versionEndIncluding": "1.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:telop01_project:telop01:1.0.0:*:*:*:free:*:*:*",
              "matchCriteriaId": "BAD24BF8-A32E-44EF-A233-44ABB5283739",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01] y [Link01] [Calendar01] edici\u00f3n gratuita versi\u00f3n 1.0.0, [Calendar02] edici\u00f3n gratuita versi\u00f3n 1.0.0, [PKOBO-News01] edici\u00f3n gratuita versiones 1.0.3 y anteriores, [PKOBO-vote01] edici\u00f3n gratuita versiones 1.0.1 y anteriores, [Telop01] edici\u00f3n gratuita versi\u00f3n 1.0.0, [Gallery01] edici\u00f3n gratuita versiones 1.0.3 y anteriores, [CalendarForm01] edici\u00f3n gratuita versiones 1.0.3 y anteriores, y [Link01] edici\u00f3n gratuita versi\u00f3n 1.0.0, permite a atacantes remotos omitir la autenticaci\u00f3n e iniciar sesi\u00f3n en el producto con privilegios administrativos por medio de vectores no especificados"
    }
  ],
  "id": "CVE-2020-5616",
  "lastModified": "2024-11-21T05:34:22.093",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-04T02:15:11.657",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN73169744/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/calendar/01.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/calendar/02.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/calendar_form/01.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/gallery/01.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/link/01.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/news/pkobo-news01.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/telop/01.php"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/vote/01.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN73169744/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/calendar/01.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/calendar/02.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/calendar_form/01.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/gallery/01.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/link/01.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/news/pkobo-news01.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/telop/01.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ],
      "url": "https://www.php-factory.net/vote/01.php"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2020-5616

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2020-5616

Aliases

CVE-2020-5616

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5616",
    "description": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.",
    "id": "GSD-2020-5616"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5616"
      ],
      "details": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.",
      "id": "GSD-2020-5616",
      "modified": "2023-12-13T01:22:03.859070Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2020-5616",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01]",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "PHP Factory"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Authentication bypass"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.php-factory.net/calendar/01.php",
            "refsource": "MISC",
            "url": "https://www.php-factory.net/calendar/01.php"
          },
          {
            "name": "https://www.php-factory.net/calendar/02.php",
            "refsource": "MISC",
            "url": "https://www.php-factory.net/calendar/02.php"
          },
          {
            "name": "https://jvn.jp/en/jp/JVN73169744/index.html",
            "refsource": "MISC",
            "url": "https://jvn.jp/en/jp/JVN73169744/index.html"
          },
          {
            "name": "https://www.php-factory.net/news/pkobo-news01.php",
            "refsource": "MISC",
            "url": "https://www.php-factory.net/news/pkobo-news01.php"
          },
          {
            "name": "https://www.php-factory.net/vote/01.php",
            "refsource": "MISC",
            "url": "https://www.php-factory.net/vote/01.php"
          },
          {
            "name": "https://www.php-factory.net/telop/01.php",
            "refsource": "MISC",
            "url": "https://www.php-factory.net/telop/01.php"
          },
          {
            "name": "https://www.php-factory.net/gallery/01.php",
            "refsource": "MISC",
            "url": "https://www.php-factory.net/gallery/01.php"
          },
          {
            "name": "https://www.php-factory.net/calendar_form/01.php",
            "refsource": "MISC",
            "url": "https://www.php-factory.net/calendar_form/01.php"
          },
          {
            "name": "https://www.php-factory.net/link/01.php",
            "refsource": "MISC",
            "url": "https://www.php-factory.net/link/01.php"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:calendar01_project:calendar01:1.0.0:*:*:*:free:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:calendar02_project:calendar02:1.0.0:*:*:*:free:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:calendarform01_project:calendarform01:*:*:*:*:free:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:gallery01_project:gallery01:*:*:*:*:free:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:link01_project:link01:1.0.0:*:*:*:free:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pkobo-news01_project:pkobo-news01:*:*:*:*:free:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:pkobo-vote01_project:pkobo-vote01:*:*:*:*:free:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:telop01_project:telop01:1.0.0:*:*:*:free:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2020-5616"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.php-factory.net/calendar/02.php",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://www.php-factory.net/calendar/02.php"
            },
            {
              "name": "https://www.php-factory.net/calendar/01.php",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://www.php-factory.net/calendar/01.php"
            },
            {
              "name": "https://www.php-factory.net/link/01.php",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://www.php-factory.net/link/01.php"
            },
            {
              "name": "https://www.php-factory.net/vote/01.php",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://www.php-factory.net/vote/01.php"
            },
            {
              "name": "https://jvn.jp/en/jp/JVN73169744/index.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN73169744/index.html"
            },
            {
              "name": "https://www.php-factory.net/calendar_form/01.php",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://www.php-factory.net/calendar_form/01.php"
            },
            {
              "name": "https://www.php-factory.net/news/pkobo-news01.php",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://www.php-factory.net/news/pkobo-news01.php"
            },
            {
              "name": "https://www.php-factory.net/gallery/01.php",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://www.php-factory.net/gallery/01.php"
            },
            {
              "name": "https://www.php-factory.net/telop/01.php",
              "refsource": "MISC",
              "tags": [
                "Product",
                "Third Party Advisory"
              ],
              "url": "https://www.php-factory.net/telop/01.php"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-06T20:43Z",
      "publishedDate": "2020-08-04T02:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-5616 (GCVE-0-2020-5616)

Vulnerability from cvelistv5

ghsa-73rh-fgwv-4hpw

Vulnerability from github

CVE-2020-5616

Vulnerability from jvndb

fkie_cve-2020-5616

Vulnerability from fkie_nvd

gsd-2020-5616

Vulnerability from gsd

Tags

Sightings

Nomenclature