CVE-2020-5616

high-risk

Published 2020-08-04

[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.

Do I need to act?

3.9% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (8)

Calendar01

Calendar02

Calendarform01

Gallery01

Link01

Pkobo-News01

Pkobo-Vote01

Telop01

Affected Vendors

Calendar01 Project Calendar02 Project Calendarform01 Project Gallery01 Project Link01 Project Pkobo-News01 Project Pkobo-Vote01 Project Telop01 Project

References (18)

Third Party Advisory https://jvn.jp/en/jp/JVN73169744/index.html

Product https://www.php-factory.net/calendar/01.php

Product https://www.php-factory.net/calendar/02.php

Product https://www.php-factory.net/calendar_form/01.php

Product https://www.php-factory.net/gallery/01.php

Product https://www.php-factory.net/link/01.php

Product https://www.php-factory.net/news/pkobo-news01.php

Product https://www.php-factory.net/telop/01.php

Product https://www.php-factory.net/vote/01.php