exploitDog

CVE-2021-37333

Опубликовано: 04 окт. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser.

Ссылки

https://www.navidkagalwalla.com/booking-core-vulnerabilities
Exploit
Third Party Advisory
https://www.navidkagalwalla.com/booking-core-vulnerabilities
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bookingcore:booking_core:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00377

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-613

Связанные уязвимости

GHSA-9rfx-mm7m-3cg2

github

больше 3 лет назад

Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser.

EPSS

Процентиль: 59%

0.00377

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-613