CVE-2020-6949
HIGHHashBrown CMS < 1.3.3 - Privilege Escalation via postUser Function
Title source: llmDescription
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/HashBrownCMS/hashbrown-cms/issues/327
Scores
CVSS v3
8.8
EPSS
0.0128
EPSS Percentile
66.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-269
Status
published
Products (1)
hashbrowncms/hashbrown_cms
< 1.3.3
Published
Jan 13, 2020
Tracked Since
Feb 18, 2026