CVE-2020-22273 — MEDIUM (6.5)

Vulnerability Description

Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Creativeitem	Neoflex Video Subscription System	2.0

Related Weaknesses (CWE)

CWE-352

References

https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22273.pdfThird Party Advisory
https://uploadboy.com/v630a7smyykc/539/mp4Broken Link
https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22273.pdfThird Party Advisory
https://uploadboy.com/v630a7smyykc/539/mp4Broken Link

FAQ

What is CVE-2020-22273?

CVE-2020-22273 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed (such as Payment Settings)

How severe is CVE-2020-22273?

CVE-2020-22273 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-22273?

Check the references section above for vendor advisories and patch information. Affected products include: Creativeitem Neoflex Video Subscription System.