Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-1000152

Опубликовано: 03 нояб. 2017
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:mahara:mahara:15.04:rc1:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04:rc2:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.2:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.3:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.4:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.5:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.04.6:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:mahara:mahara:15.10.0:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mahara:mahara:15.10.2:*:*:*:*:*:*:*

EPSS

Процентиль: 56%
0.00344
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

debian логотип

CVE-2017-1000152

CVSS3: 9.8
debian
больше 8 лет назад

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 a ...

github логотип

GHSA-jp3c-pm6p-jjwv

CVSS3: 9.8
github
больше 3 лет назад

Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged out of Mahara, such as an admin changing another user's account settings.

EPSS

Процентиль: 56%
0.00344
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo