CVE-2020-10487
Published 2020-03-12
CVE-2020-10487: CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.
Priority P4 · 17 · medium · 4.3 CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:N / I:L / A:N
EPSS
0.53%
41.1th percentile
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chadhaajay | phpkb | — | — |
CVSS provenance
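| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |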
Suricata
ET EXPLOIT [401TRG] GhostCat LFI Attempt Inbound (CVE-2020-1938)
suricata·2020-02-25·CVSS 9.8
CVE-2020-1938 [CRITICAL] ET EXPLOIT [401TRG] GhostCat LFI Attempt Inbound (CVE-2020-1938)
Rule: alert tcp any any -> $HOME_NET 8009 (msg:"ET EXPLOIT [401TRG] GhostCat LFI Attempt Inbound (CVE-2020-1938)"; flow:established,to_server; flowbits:set,ET.GhostCat; content:"|12 34|"; depth:2; content:"|00 08|HTTP/1.1|00|"; distance:0; content:"javax.servlet.include.path_info|00|"; nocase; distance:0; content:"javax.servlet.include.request_uri|00|"; content:"javax.servlet.include.servlet_path|00|"; reference:cve,2020-1938; reference:url,www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487; classtype:attempted-admin; sid:2029533; rev:4; metadata:affected_product Apache_Tomcat, attack_target Web_Server, created_at 2020_02_25, cve CVE_2020_1938, deployment Perimeter,
Trendmicro
Busting Ghostcat: Analysis of CVE-2020-1938
blogs_trendmicro·2020-03-10·CVSS 9.8
CVE-2020-1938 [CRITICAL] Busting Ghostcat: Analysis of CVE-2020-1938
Exploits & Vulnerabilities
## Busting Ghostcat: Analysis of CVE-2020-1938
This analysis of the Apache Tomcat vulnerability seeks to put the most feared Ghostcat-related scenario into perspective by delving into the unlikely circumstances that would make it possible to allow an RCE through the vulnerability.
By: Magno Logan 2020/03/10
Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat put it in the spotlight as researchers looked into its security impact, specifically its potential use for remote code execution (RCE).
Apache Tomcat is a popular open-source Java servlet container, so the discovery of Ghostcat understandably set off some alarms. This blog entry seeks to put the most feared Gh
2020-03-12
Published