exploitDog

GHSA-gm98-pmgw-v2qw

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.

An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.

Ссылки

EPSS

Процентиль: 57%

0.0035

Низкий

CVE ID

Связанные уязвимости

CVE-2020-8510

CVSS3: 9.8

nvd

около 6 лет назад

An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cookie with the value of admin+1+en (user+perms+lang), one can login as any user without a password.

EPSS

Процентиль: 57%

0.0035

Низкий

CVE ID