Описание
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-36948
- https://vestacp.com
- https://www.exploit-db.com/exploits/49219
- https://www.vulncheck.com/advisories/vestacp-loginas-insufficient-session-validation
- https://www.vulnerability-lab.com/get_content.php?id=2240
- https://www.vulnerability-lab.com/show.php?user=Benjamin%20K.M.
Связанные уязвимости
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.