CVE-2020-10560

Published: Mar 30, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read

x_refsource_MISC

https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-10560

Description

Affected Products

References