CVE-2020-5616 — CRITICAL (9.8)

Q: How severe is CVE-2020-5616?

CVE-2020-5616 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-5616?

Check the references section above for vendor advisories and patch information. Affected products include: Calendar01 Project Calendar01, Calendar02 Project Calendar02, Calendarform01 Project Calendarform01, Gallery01 Project Gallery01, Link01 Project Link01.

Vulnerability Description

[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Calendar01 Project	Calendar01	1.0.0
Calendar02 Project	Calendar02	1.0.0
Calendarform01 Project	Calendarform01	<= 1.0.3
Gallery01 Project	Gallery01	<= 1.0.3
Link01 Project	Link01	1.0.0
Pkobo-News01 Project	Pkobo-News01	<= 1.0.3
Pkobo-Vote01 Project	Pkobo-Vote01	<= 1.0.1
Telop01 Project	Telop01	1.0.0

Related Weaknesses (CWE)

CWE-287

References

https://jvn.jp/en/jp/JVN73169744/index.htmlThird Party Advisory
https://www.php-factory.net/calendar/01.phpProductThird Party Advisory
https://www.php-factory.net/calendar/02.phpProductThird Party Advisory
https://www.php-factory.net/calendar_form/01.phpProductThird Party Advisory
https://www.php-factory.net/gallery/01.phpProductThird Party Advisory
https://www.php-factory.net/link/01.phpProductThird Party Advisory
https://www.php-factory.net/news/pkobo-news01.phpProductThird Party Advisory
https://www.php-factory.net/telop/01.phpProductThird Party Advisory
https://www.php-factory.net/vote/01.phpProductThird Party Advisory
https://jvn.jp/en/jp/JVN73169744/index.htmlThird Party Advisory
https://www.php-factory.net/calendar/01.phpProductThird Party Advisory
https://www.php-factory.net/calendar/02.phpProductThird Party Advisory
https://www.php-factory.net/calendar_form/01.phpProductThird Party Advisory
https://www.php-factory.net/gallery/01.phpProductThird Party Advisory
https://www.php-factory.net/link/01.phpProductThird Party Advisory

FAQ

What is CVE-2020-5616?

CVE-2020-5616 is a vulnerability with a CVSS score of 9.8 (CRITICAL). [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01...

How severe is CVE-2020-5616?

CVE-2020-5616 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-5616?

Check the references section above for vendor advisories and patch information. Affected products include: Calendar01 Project Calendar01, Calendar02 Project Calendar02, Calendarform01 Project Calendarform01, Gallery01 Project Gallery01, Link01 Project Link01.