exploitDog

CVE-2013-2499

Опубликовано: 27 янв. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.

Ссылки

http://www.openwall.com/lists/oss-security/2013/04/17/1
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/59255
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/83629
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2013/04/17/1
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/59255
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/83629
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:simplehrm:simplehrm:*:*:*:*:*:*:*:*

Версия до 2.3 (включая)

EPSS

Процентиль: 78%

0.01163

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-w2rx-6hqj-cx84

github

почти 4 года назад

SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie.

EPSS

Процентиль: 78%

0.01163

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200