Arbitrary File Read Vulnerability in Open Source Social Network by OSSN
CVE-2020-10560

5.9MEDIUM

Key Information:

Vendor: Opensource-socialnetwork
Status: Open Source Social Network
Vendor: CVE Published:; 30 March 2020

🔔 Create Opensource-socialnetwork Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-10560?

The Open Source Social Network (OSSN) prior to version 5.3 is affected by a vulnerability that allows attackers to exploit user-controlled file paths with weak cryptographic methods. By performing a brute-force attack against the SiteKey, an attacker can gain unauthorized access to any file readable by the web server. This includes critical components of the application such as 'ossn_com.php' and 'ossn.lib.upgrade.php', which can lead to further security issues or data exposure.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-10560
Created by kevthehermit

CVE-2020-10560-Key-Recovery
Created by LucidUnicorn

References

https://techanarchy.net/blog/cve-2020-10560-ossn-arbitrar...

x_refsource_MISC

https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 30, 2020
🟡
Public PoC available
Mar 28, 2020
👾
Exploit known to exist
Mar 28, 2020
Vulnerability Reserved
Mar 13, 2020

CVE-2020-10560 Data

JSON