Base Score

HIGH7.8

CVE-2020-12468

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/.

VectorLOCAL

Published Bycve@mitre.org

Published DateApr 29, 2020, 21:15

Affected Versions(1)

intelliants/subrion(Packagist)

IntroducedN/A

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
intelliants/subrion(Packagist)	N/A	N/A	N/A

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/belong2yourself/vulnerabilities/tree/master/Subrion%20CMS/CSV%20Injection

Base Score

HIGH7.8

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH