{"vulnerability": "CVE-2020-10560", "sightings": [{"uuid": "3867762d-c5bf-4fab-b6e9-0d38005d8b4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10560", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/6352", "content": "CVE-2020-10560 - OSSN Arbitrary File Read\nhttps://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read", "creation_timestamp": "2020-03-31T12:58:04.000000Z"}, {"uuid": "fbc696d6-27d3-4680-9f7b-c8f96d0b763b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-10560", "type": "seen", "source": "https://t.me/cibsecurity/10826", "content": "ATENTION\u203c New - CVE-2020-10560\n\nAn issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-03-30T16:47:25.000000Z"}]}