Описание
delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie's value, which makes it easier for attackers to steal the cookie and obtain the administrator's password hash after logout.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:professional_home_page_tools:professional_home_page_tools_guestbook:*:*:*:*:*:*:*:*
EPSS
Процентиль: 70%
0.00622
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
delcookie.php in Professional Home Page Tools Guestbook changes the expiration date of a cookie instead of deleting the cookie's value, which makes it easier for attackers to steal the cookie and obtain the administrator's password hash after logout.
EPSS
Процентиль: 70%
0.00622
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other