CVE-2020-10560

MEDIUM LAB

Open Source Social Network < 5.3 - Arbitrary File Read via Weak PRNG in SiteKey

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-10560. PoCs published by kevthehermit, alex-seymour.

AI-analyzed exploit summary This repository contains a working PoC for CVE-2020-10560, an arbitrary file read vulnerability in Open Source Social Network (OSSN). The exploit leverages weak encryption in the `comment/staticimage` endpoint to read arbitrary files by crafting malicious requests.

Description

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.

Exploits (3)

nomisec WORKING POC 8 stars
by kevthehermit · poc
https://github.com/kevthehermit/CVE-2020-10560

This repository contains a working PoC for CVE-2020-10560, an arbitrary file read vulnerability in Open Source Social Network (OSSN). The exploit leverages weak encryption in the `comment/staticimage` endpoint to read arbitrary files by crafting malicious requests.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Open Source Social Network (OSSN)
No auth needed
Prerequisites: knowledge of the site key · access to the target OSSN instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by alex-seymour · poc
https://github.com/alex-seymour/CVE-2020-10560-Key-Recovery

This repository contains a proof-of-concept for CVE-2020-10560, which exploits an arbitrary file read vulnerability in OSSN (Open Source Social Network) to recover the site_key used for AES encryption. The PoC includes utilities for base64 encoding/decoding and AES operations to facilitate key recovery.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Open Source Social Network (OSSN) 5.3 and above
No auth needed
Prerequisites: Access to the vulnerable OSSN instance · Ability to read arbitrary files via the vulnerability
devstral-2 · analyzed Feb 16, 2026 Full analysis →
inthewild WORKING POC
poc
https://github.com/lucidunicorn/cve-2020-10560-key-recovery

This repository contains a functional PoC for CVE-2020-10560, which recovers the `site_key` for Open Source Social Network (OSSN) 5.3 and above. The exploit leverages an arbitrary file read vulnerability to extract the AES-encrypted key and decrypt it using included libraries (base64 and tiny-AES-c).

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Open Source Social Network (OSSN) 5.3+
No auth needed
Prerequisites: Access to the vulnerable OSSN instance · Ability to read arbitrary files via the vulnerability
devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://techanarchy.net/blog/cve-2020-10560-ossn-arbitrary-file-read
Third Party Advisory x_refsource_misc
https://github.com/LucidUnicorn/CVE-2020-10560-Key-Recovery

Scores

CVSS v3 5.9
EPSS 0.0606
EPSS Percentile 91.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull mysql:5.7

Details

CWE
CWE-338
Status published
Products (1)
opensource-socialnetwork/open_source_social_network < 5.3
Published Mar 30, 2020
Tracked Since Feb 18, 2026