Description
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:damicms:damicms:6.0.1:*:*:*:*:*:*:*
EPSS: 0.00441 (Low), percentile: 63%
CVSS3: 9.8 Critical
CVSS2: 5 Medium
Weaknesses
CWE-330
Related vulnerabilities
CVSS3: 9.8
GitHub
more than 3 years ago
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.