Global infos:

A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552.

CVE Status: Modified

References:

[email protected]

[email protected]

[email protected]

af854a3a-2127-422b-91ae-364da2661108

af854a3a-2127-422b-91ae-364da2661108

af854a3a-2127-422b-91ae-364da2661108

Metrics:

Attribute	Value
Attack Complexity	LOW
Attack Vector	ADJACENT_NETWORK
Availability Impact	LOW
Base Score	5.5
Base Severity	MEDIUM
Confidentiality Impact	LOW
Integrity Impact	LOW
Privileges Required	LOW
Scope	UNCHANGED
User Interaction	NONE
Vector String	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability Score	2.1
Impact Score	3.4
Source	[email protected]
Type	Secondary

Links:

Exploit-db
Github