CVE-2020-15958

CVSS v3 Score: 8.6 (High)
CVSS v2 Score: 5.0 (Medium)

Vulnerability Description

An issue was discovered in 1CRM System through 8.6.7. An insecure direct object reference to internally stored files allows a remote attacker to access various sensitive information via an unauthenticated request with a predictable URL.

CVSS:8.6(High)

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.

CVSS:8.6(High)

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVSS:8.6(High)

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVSS:8.6(High)

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVSS:8.4(High)

StrongKey FIDO Server before 4.15.1 treats a non-discoverable (namedcredential) flow as a discoverable transaction.

CVSS:8.8(High)

The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct...