Description
All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentially execute cross-site request forgery attacks.
References
EPSS
Percentile: 30%
0.00112
Low
5.3 Medium
CVSS3
Weaknesses
CWE-384
Related vulnerabilities
CVSS3: 5.3
github
about 1 month ago
All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentially execute cross-site request forgery attacks.