PT-2021-3454 · Unknown · White Shark System

Published

2021-06-21

Updated

2021-06-23

CVE-2020-20472

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions White Shark System (WSS) version 1.3.2

Description The issue is related to a sensitive information disclosure. The if get addbook.php file lacks an authentication operation, allowing remote attackers to obtain username information for all users of the current site. This can lead to unauthorized access to protected information.

Recommendations For White Shark System (WSS) version 1.3.2, consider implementing authentication for the if get addbook.php file to prevent unauthorized access. As a temporary workaround, restrict access to the if get addbook.php file until a proper authentication mechanism is in place.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2021-03314

CVE-2020-20472

Affected Products

White Shark System

PT-2021-3454 · Unknown · White Shark System

CVE-2020-20472

Weakness Enumeration

Related Identifiers

Affected Products

References · 6