CVE-2020-27191

{"id": "CVE-2020-27191", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-11-16T16:15:14.837", "references": [{"url": "http://lionwiki.0o.cz/index.php?page=Main+page", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lionwiki.0o.cz/index.php?page=Main+page", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."}, {"lang": "es", "value": "LionWiki versiones anteriores a 3.2.12, permite a un usuario no autenticado leer archivos como usuario del servidor web por medio de una cadena dise\u00f1ada en la variable f1 del archivo index.php, tambi\u00e9n se conoce como Inclusi\u00f3n de Archivo Local. NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor"}], "lastModified": "2024-11-21T05:20:50.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lionwiki:lionwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A768A9CC-092E-469B-A7CE-585377034E98", "versionEndExcluding": "3.2.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}