CVE-2020-27191 — HIGH (7.5)

Q: How severe is CVE-2020-27191?

CVE-2020-27191 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-27191?

Check the references section above for vendor advisories and patch information. Affected products include: Lionwiki Lionwiki.

Vulnerability Description

LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lionwiki	Lionwiki	< 3.2.12

References

http://lionwiki.0o.cz/index.php?page=Main+pageVendor Advisory
https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfiExploitThird Party Advisory
http://lionwiki.0o.cz/index.php?page=Main+pageVendor Advisory
https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfiExploitThird Party Advisory

FAQ

What is CVE-2020-27191?

CVE-2020-27191 is a vulnerability with a CVSS score of 7.5 (HIGH). LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affe...

How severe is CVE-2020-27191?

CVE-2020-27191 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-27191?

Check the references section above for vendor advisories and patch information. Affected products include: Lionwiki Lionwiki.