10 vulnerabilities by PHP Factory
CVE-2021-20725 (GCVE-0-2021-20725)
Vulnerability from cvelistv5 – Published: 2021-05-24 03:20 – Updated: 2024-08-03 17:53
Summary
Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/calendar/01.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN53910556/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [Calendar01] free edition | Affected: ver1.0.1 and earlier | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[Calendar01] free edition",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "ver1.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T03:20:31.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[Calendar01] free edition",
"version": {
"version_data": [
{
"version_value": "ver1.0.1 and earlier"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/calendar/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"name": "https://jvn.jp/en/jp/JVN53910556/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20725",
"datePublished": "2021-05-24T03:20:31.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20723 (GCVE-0-2021-20723)
Vulnerability from cvelistv5 – Published: 2021-05-24 03:20 – Updated: 2024-08-03 17:53
Summary
Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions for which the last-updated date listed at the top of the descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/mail/01.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN53910556/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [MailForm01] free edition | Affected: versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/mail/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[MailForm01] free edition",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T03:20:29.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/mail/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[MailForm01] free edition",
"version": {
"version_data": [
{
"version_value": "versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/mail/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/mail/01.php"
},
{
"name": "https://jvn.jp/en/jp/JVN53910556/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20723",
"datePublished": "2021-05-24T03:20:30.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20724 (GCVE-0-2021-20724)
Vulnerability from cvelistv5 – Published: 2021-05-24 03:20 – Updated: 2024-08-03 17:53
Summary
Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/telop/01.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN53910556/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [Telop01] free edition | Affected: ver1.0.1 and earlier | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/telop/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[Telop01] free edition",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "ver1.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T03:20:30.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/telop/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[Telop01] free edition",
"version": {
"version_data": [
{
"version_value": "ver1.0.1 and earlier"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/telop/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/telop/01.php"
},
{
"name": "https://jvn.jp/en/jp/JVN53910556/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20724",
"datePublished": "2021-05-24T03:20:30.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5616 (GCVE-0-2020-5616)
Vulnerability from cvelistv5 – Published: 2020-08-04 01:05 – Updated: 2024-08-04 08:39
Summary
[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allow remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/calendar/01.php | x_refsource_MISC |
| https://www.php-factory.net/calendar/02.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73169744/index.html | x_refsource_MISC |
| https://www.php-factory.net/news/pkobo-news01.php | x_refsource_MISC |
| https://www.php-factory.net/vote/01.php | x_refsource_MISC |
| https://www.php-factory.net/telop/01.php | x_refsource_MISC |
| https://www.php-factory.net/gallery/01.php | x_refsource_MISC |
| https://www.php-factory.net/calendar_form/01.php | x_refsource_MISC |
| https://www.php-factory.net/link/01.php | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] | Affected: [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:24.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/news/pkobo-news01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/vote/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/telop/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/gallery/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar_form/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/link/01.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01]",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T01:05:49.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/news/pkobo-news01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/vote/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/telop/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/gallery/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar_form/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/link/01.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01]",
"version": {
"version_data": [
{
"version_value": "[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/calendar/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"name": "https://www.php-factory.net/calendar/02.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"name": "https://jvn.jp/en/jp/JVN73169744/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
},
{
"name": "https://www.php-factory.net/news/pkobo-news01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/news/pkobo-news01.php"
},
{
"name": "https://www.php-factory.net/vote/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/vote/01.php"
},
{
"name": "https://www.php-factory.net/telop/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/telop/01.php"
},
{
"name": "https://www.php-factory.net/gallery/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/gallery/01.php"
},
{
"name": "https://www.php-factory.net/calendar_form/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar_form/01.php"
},
{
"name": "https://www.php-factory.net/link/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/link/01.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5616",
"datePublished": "2020-08-04T01:05:50.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:24.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5615 (GCVE-0-2020-5615)
Vulnerability from cvelistv5 – Published: 2020-08-04 01:05 – Updated: 2024-08-04 08:39
Summary
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/calendar/01.php | x_refsource_MISC |
| https://www.php-factory.net/calendar/02.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73169744/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [Calendar01] and [Calendar02] | Affected: [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:24.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[Calendar01] and [Calendar02]",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "[Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T01:05:49.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[Calendar01] and [Calendar02]",
"version": {
"version_data": [
{
"version_value": "[Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/calendar/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"name": "https://www.php-factory.net/calendar/02.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"name": "https://jvn.jp/en/jp/JVN73169744/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5615",
"datePublished": "2020-08-04T01:05:49.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:24.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20725 (GCVE-0-2021-20725)
Vulnerability from nvd – Published: 2021-05-24 03:20 – Updated: 2024-08-03 17:53
Summary
Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/calendar/01.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN53910556/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [Calendar01] free edition | Affected: ver1.0.1 and earlier | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.797Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[Calendar01] free edition",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "ver1.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T03:20:31.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[Calendar01] free edition",
"version": {
"version_data": [
{
"version_value": "ver1.0.1 and earlier"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/calendar/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"name": "https://jvn.jp/en/jp/JVN53910556/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20725",
"datePublished": "2021-05-24T03:20:31.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20723 (GCVE-0-2021-20723)
Vulnerability from nvd – Published: 2021-05-24 03:20 – Updated: 2024-08-03 17:53
Summary
Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions for which the last-updated date listed at the top of the descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/mail/01.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN53910556/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [MailForm01] free edition | Affected: versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/mail/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[MailForm01] free edition",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T03:20:29.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/mail/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[MailForm01] free edition",
"version": {
"version_data": [
{
"version_value": "versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/mail/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/mail/01.php"
},
{
"name": "https://jvn.jp/en/jp/JVN53910556/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20723",
"datePublished": "2021-05-24T03:20:30.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20724 (GCVE-0-2021-20724)
Vulnerability from nvd – Published: 2021-05-24 03:20 – Updated: 2024-08-03 17:53
Summary
Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/telop/01.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN53910556/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [Telop01] free edition | Affected: ver1.0.1 and earlier | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:53:21.809Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/telop/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[Telop01] free edition",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "ver1.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T03:20:30.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/telop/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2021-20724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[Telop01] free edition",
"version": {
"version_data": [
{
"version_value": "ver1.0.1 and earlier"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/telop/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/telop/01.php"
},
{
"name": "https://jvn.jp/en/jp/JVN53910556/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN53910556/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2021-20724",
"datePublished": "2021-05-24T03:20:30.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:53:21.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5616 (GCVE-0-2020-5616)
Vulnerability from nvd – Published: 2020-08-04 01:05 – Updated: 2024-08-04 08:39
Summary
[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allow remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/calendar/01.php | x_refsource_MISC |
| https://www.php-factory.net/calendar/02.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73169744/index.html | x_refsource_MISC |
| https://www.php-factory.net/news/pkobo-news01.php | x_refsource_MISC |
| https://www.php-factory.net/vote/01.php | x_refsource_MISC |
| https://www.php-factory.net/telop/01.php | x_refsource_MISC |
| https://www.php-factory.net/gallery/01.php | x_refsource_MISC |
| https://www.php-factory.net/calendar_form/01.php | x_refsource_MISC |
| https://www.php-factory.net/link/01.php | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] | Affected: [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:24.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/news/pkobo-news01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/vote/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/telop/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/gallery/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar_form/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/link/01.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01]",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T01:05:49.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/news/pkobo-news01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/vote/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/telop/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/gallery/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar_form/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/link/01.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5616",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01]",
"version": {
"version_data": [
{
"version_value": "[Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/calendar/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"name": "https://www.php-factory.net/calendar/02.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"name": "https://jvn.jp/en/jp/JVN73169744/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
},
{
"name": "https://www.php-factory.net/news/pkobo-news01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/news/pkobo-news01.php"
},
{
"name": "https://www.php-factory.net/vote/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/vote/01.php"
},
{
"name": "https://www.php-factory.net/telop/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/telop/01.php"
},
{
"name": "https://www.php-factory.net/gallery/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/gallery/01.php"
},
{
"name": "https://www.php-factory.net/calendar_form/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar_form/01.php"
},
{
"name": "https://www.php-factory.net/link/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/link/01.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5616",
"datePublished": "2020-08-04T01:05:50.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:24.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5615 (GCVE-0-2020-5615)
Vulnerability from nvd – Published: 2020-08-04 01:05 – Updated: 2024-08-04 08:39
Summary
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.php-factory.net/calendar/01.php | x_refsource_MISC |
| https://www.php-factory.net/calendar/02.php | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN73169744/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PHP Factory | [Calendar01] and [Calendar02] | Affected: [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:39:24.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "[Calendar01] and [Calendar02]",
"vendor": "PHP Factory",
"versions": [
{
"status": "affected",
"version": "[Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-04T01:05:49.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2020-5615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "[Calendar01] and [Calendar02]",
"version": {
"version_data": [
{
"version_value": "[Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0"
}
]
}
}
]
},
"vendor_name": "PHP Factory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.php-factory.net/calendar/01.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/01.php"
},
{
"name": "https://www.php-factory.net/calendar/02.php",
"refsource": "MISC",
"url": "https://www.php-factory.net/calendar/02.php"
},
{
"name": "https://jvn.jp/en/jp/JVN73169744/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/jp/JVN73169744/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2020-5615",
"datePublished": "2020-08-04T01:05:49.000Z",
"dateReserved": "2020-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:39:24.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}