Arbitrary Code Execution and Privilege Escalation via Cross Site Request Forgery in Neeke HongCMS 3.0.0

Arbitrary Code Execution and Privilege Escalation via Cross Site Request Forgery in Neeke HongCMS 3.0.0

CVE-2020-21252 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.

Learn more about our Cms Pen Testing.