[Japanese]

JVNDB-2020-009141

Local File Inclusion vulnerability in OneThird CMS

Overview

OneThird CMS provided SpiQe Software is a content management system (CMS). OneThird CMS contains a Local File Inclusion vulnerability (CWE-98).
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


SpiQe Software
  • OneThird CMS v1.96c and earlier

Impact

Sensitive information may be obtained or arbitrary code may be executed by an unauthenticated remote attacker.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.
The vulnerability was fixed in v1.96d.
Vendor Information

SpiQe Software
CWE (What is CWE?)

  1. PHP Remote File Inclusion(CWE-98) [Other]
CVE (What is CVE?)

  1. CVE-2020-5640
References

  1. JVN : JVNVU#99467898
  2. National Vulnerability Database (NVD) : CVE-2020-5640
Revision History

  • [2020/10/21]
      Web page was published