Vulnerabilities > CVE-2020-21554 - Unspecified vulnerability in Tinyrise Tinyshop 3.1.1

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
tinyrise

Summary

A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.

Vulnerable Configurations

Part Description Count
Application
Tinyrise
1