CVE-2020-18741
First published: Thu Jul 08 2021(Updated: )
Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any user's photo via the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thinksaas | =2.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-18741?
CVE-2020-18741 is a vulnerability in ThinkSAAS v2.7 that allows remote attackers to modify the description of any user's photo.
How can this vulnerability be exploited?
This vulnerability can be exploited by remote attackers using the "photoid%5B%5D" and "photodesc%5B%5D" parameters in the component "index.php?app=photo."
What is the severity of CVE-2020-18741?
The severity of CVE-2020-18741 is medium, with a CVSS score of 5.3.
Which version of ThinkSAAS is affected by this vulnerability?
ThinkSAAS v2.7 is affected by this vulnerability.
Is there a fix available for this vulnerability?
There is currently no available fix for this vulnerability. It is recommended to apply any patches or updates provided by the vendor when they become available.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/thinksaas
- canonical/thinksaas
- version/thinksaas/2.7