exploitDog

GHSA-qw2p-v864-678m

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.

Ссылки

EPSS

Процентиль: 46%

0.00236

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-384

Связанные уязвимости

CVE-2018-18380

CVSS3: 5.4

nvd

больше 7 лет назад

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.

EPSS

Процентиль: 46%

0.00236

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-384