Описание
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:domainmod:domainmod:4.15.0:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01477
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-613
Связанные уязвимости
github
больше 3 лет назад
DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.
EPSS
Процентиль: 81%
0.01477
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-613