Описание
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:the_php_group:pear_html_quickform_controller:1.0.4:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00391
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.
EPSS
Процентиль: 60%
0.00391
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other