Published:2020/07/31  Last Updated:2020/07/31

JVN#73169744
Multiple vulnerabilities in multiple PHP Factory products

Overview

Multiple products provided by PHP Factory contain multiple vulnerabilities.

Products Affected

CVE-2020-5615

  • [Calendar01] free edition ver1.0.0
  • [Calendar02] free edition ver1.0.0
CVE-2020-5616
  • [Calendar01] free edition ver1.0.0
  • [Calendar02] free edition ver1.0.0
  • [PKOBO-News01] free edition ver1.0.3 and earlier
  • [PKOBO-vote01] free edition ver1.0.1 and earlier
  • [Telop01] free edition ver1.0.0
  • [Gallery01] free edition ver1.0.3 and earlier
  • [CalendarForm01] free edition ver1.0.3 and earlier
  • [Link01] free edition ver1.0.0

Description

Multiple products provided by PHP Factory contain multiple vulnerabilities listed below.

  • Cross-site Request Forgery (CWE-352) - CVE-2020-5615
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score: 4.3
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6
  • Authentication bypass (CWE-287) - CVE-2020-5616
    CVSS v3 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score: 4.8
    CVSS v2 AV:N/AC:H/Au:N/C:P/I:P/A:N Base Score: 4.0

Impact

  • If a user views a malicious page while logged in, unintended operations may be performed - CVE-2020-5615
  • A remote attacker under certain conditions may log in to the product with administrative privileges - CVE-2020-5616

Solution

Update the software - CVE-2020-5615
Update the software to the latest version according to the information provided by the developer.

Add code to the affected file - CVE-2020-5616
Add code to the affected file according to the information provided by the developer.

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2020-5615
CVE-2020-5616
JVN iPedia JVNDB-2020-000051