Vulnerabilities > CVE-2020-24036 - Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Fork-Cms Fork CMS

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
fork-cms
CWE-915
NVD
Published: 2021-03-04
Updated: 2021-07-21

Summary

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.

Vulnerable Configurations

Part Description Count
Application
Fork-Cms
192

Common Weakness Enumeration (CWE)

References