Humhub
CVE-2021-43847
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (github) · only source for this CVE.
CVSS VectorVendor: github
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue.
AnalysisAI
HumHub is an open-source social network kit written in PHP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-285. HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue. Affected products include: Humhub. Version information: version 1.10.3.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListControlle
HumHub is an Open Source Enterprise Social Network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exp
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HT
Generation of Error Message Containing Sensitive Information in HumHub GmbH & Co. Rated medium severity (CVSS 6.9), this
Cross-site scripting in HumHub 1.18.0's Button component allows unauthenticated attackers to inject and execute maliciou
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in /s/adada/cfiles/upload in Humhub 1.3.10 Community
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Editi
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allow
HumHub is an Open Source Enterprise Social Network. Rated medium severity (CVSS 4.8), this vulnerability is remotely exp
HumHub is an Open Source Enterprise Social Network. Rated high severity (CVSS 7.1), this vulnerability is remotely explo
Same weakness CWE-285 – Improper Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today