An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
References
Link | Resource |
---|---|
https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery | Third Party Advisory |
https://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-03-30 13:15
Updated : 2024-02-28 17:47
NVD link : CVE-2020-10560
Mitre link : CVE-2020-10560
CVE.ORG link : CVE-2020-10560
JSON object : View
Products Affected
opensource-socialnetwork
- open_source_social_network
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)