Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-10560
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Open Source Social Network 加密问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Open Source Social Network(OSSN)是瑞士Ossn团队的一款源社交网络引擎。 OSSN 5.3及之前版本中存在加密问题漏洞。攻击者可通过对SiteKey实施暴力破解攻击来为components/OssnComments/ossn_com.php和/或libraries/ossn.lib.upgrade.php插入特制的URL利用该漏洞读取任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2020-10560
#POC DescriptionSource LinkShenlong Link
1Nonehttps://github.com/LucidUnicorn/CVE-2020-10560-Key-RecoveryPOC Details
2CVE-2020-10560 OSSN Arbitrary File Readhttps://github.com/kevthehermit/CVE-2020-10560POC Details
3Nonehttps://github.com/alex-seymour/CVE-2020-10560-Key-RecoveryPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-10560
Please Login to view more intelligence information
New Vulnerabilities
Product: n/a
Vendor: n/a
V. Comments for CVE-2020-10560

No comments yet

Leave a comment