Local File Inclusion vulnerability in OneThird CMS


OneThird CMS provided SpiQe Software is a content management system (CMS). OneThird CMS contains a Local File Inclusion vulnerability (CWE-98).
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products

SpiQe Software
  • OneThird CMS v1.96c and earlier


Sensitive information may be obtained or arbitrary code may be executed by an unauthenticated remote attacker.

[Update the Software]
Update to the latest version according to the information provided by the developer.
The vulnerability was fixed in v1.96d.
Vendor Information

SpiQe Software
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2020-5640

  1. JVN : JVNVU#99467898
Revision History

  • [2020/10/21]
      Web page was published