Описание
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Product
- ExploitThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wowonder:wowonder:3.0.4:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.03045
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-330
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.
EPSS
Процентиль: 86%
0.03045
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-330