Vulnerability Description
themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
CVSS Score
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Themegrill | Themegrill Demo Importer | < 1.6.2 |
Related Weaknesses (CWE)
References
- https://www.openwall.com/lists/oss-security/2020/02/19/1ExploitMailing ListPatch
- https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/ExploitPatchThird Party Advisory
- https://www.openwall.com/lists/oss-security/2020/02/19/1ExploitMailing ListPatch
- https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/ExploitPatchThird Party Advisory
FAQ
What is CVE-2020-36333?
CVE-2020-36333 is a vulnerability with a CVSS score of 9.1 (CRITICAL). themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.
How severe is CVE-2020-36333?
CVE-2020-36333 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-36333?
Check the references section above for vendor advisories and patch information. Affected products include: Themegrill Themegrill Demo Importer.