CVE-2020-36542 - OpenCVE

A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Demokratian	Demokratian

Configuration 1 [-]

cpe:2.3:a:demokratian:demokratian:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian
https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3
https://vuldb.com/?id.159435

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2022-06-03T19:11:00

Updated: 2024-08-04T17:30:08.147Z

Reserved: 2022-06-03T00:00:00

Link: CVE-2020-36542

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-07T18:15:11.557

Modified: 2022-06-11T03:54:16.247

Link: CVE-2020-36542

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Demokratian", "vendor": "unspecified", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-03T19:10:59", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian"}, {"tags": ["x_refsource_MISC"], "url": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3"}, {"tags": ["x_refsource_MISC"], "url": "https://vuldb.com/?id.159435"}], "title": "Demokratian install3.php privileges management", "x_generator": "vuldb.com", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@vuldb.com", "ID": "CVE-2020-36542", "REQUESTER": "cna@vuldb.com", "STATE": "PUBLIC", "TITLE": "Demokratian install3.php privileges management"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Demokratian", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": ""}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."}]}, "generator": "vuldb.com", "impact": {"cvss": {"baseScore": "7.3", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-269 Improper Privilege Management"}]}]}, "references": {"reference_data": [{"name": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian", "refsource": "MISC", "url": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian"}, {"name": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3", "refsource": "MISC", "url": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3"}, {"name": "https://vuldb.com/?id.159435", "refsource": "MISC", "url": "https://vuldb.com/?id.159435"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:30:08.147Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://vuldb.com/?id.159435"}]}]}, "cveMetadata": {"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2020-36542", "datePublished": "2022-06-03T19:11:00", "dateReserved": "2022-06-03T00:00:00", "dateUpdated": "2024-08-04T17:30:08.147Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:demokratian:demokratian:-:*:*:*:*:*:*:*", "matchCriteriaId": "8922EC18-E26A-4BAD-BBD3-74B8BF3E5937", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Demokratian. Afecta a una parte desconocida del archivo install/install3.php. La manipulaci\u00f3n conlleva a una escalada de privilegios. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido revelada al p\u00fablico y puede ser usada. Es recomendado aplicar un parche para corregir este problema"}], "id": "CVE-2020-36542", "lastModified": "2022-06-11T03:54:16.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2022-06-07T18:15:11.557", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://alquimistadesistemas.com/sql-injection-y-archivo-peligroso-en-demokratian"}, {"source": "cna@vuldb.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://bitbucket.org/csalgadow/demokratian_votaciones/commits/0d073ee461edd5f42528d41e00bf0a7b22e86bb3"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://vuldb.com/?id.159435"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "cna@vuldb.com", "type": "Secondary"}]}