Vulnerabilities > CVE-2020-21554 - Unspecified vulnerability in Tinyrise Tinyshop 3.1.1

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

tinyrise

NVD

Published: 2022-03-25

Updated: 2022-03-31

Summary

A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.

Vulnerable Configurations

Part	Description	Count
Application	Tinyrise Tinyrise Tinyshop 3.1.1	1

References

http://tinyrise.com/down.html
http://tinyrise.com/
https://imgur.com/pA8OWxa
https://imgur.com/dg1DM5T