Description
Dev blog v1.0 is vulnerable to account takeover through the "user" cookie. An attacker can access any user's session just by knowing their username.
References
- Exploit, Third Party Advisory
- Product
- Exploit, Third Party Advisory
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:armanidrisi:dev_blog:1.0:*:*:*:*:*:*:*
EPSS
Percentile: 22%
Score: 0.0007
Rating: Low
CVSS3: 9.1 Critical
CVSS3: 4.8 Medium
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 9.1
github
about 2 years ago
Dev blog v1.0 is vulnerable to account takeover through the "user" cookie. An attacker can access any user's session just by knowing their username.