CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-35952

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.0240%
EPSS Percentile1.17th
Published2021年1月3日
Last Modified2024年11月21日

Vulnerability Description

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.

Affected Platforms (CPE)

📦
Php Fusion

Php Fusion

>= 9.0 and < 9.03.90

References & Advisories

🔗 https://github.com/PHPFusion/PHPFusion/issues/2346
🔗 https://github.com/PHPFusion/PHPFusion/issues/2346

相關漏洞威脅

CVE-2010-493110.0

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local fil...

CVE-2020-289049.8

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installatio...

CVE-2020-237549.6

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to ...

CVE-2020-124618.8

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a c...