Описание
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.
Ссылки
- Product
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpgurukul:user_registration_\&_login_and_user_management_system:3.3:*:*:*:*:*:*:*
EPSS
Процентиль: 32%
0.00127
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 9.8
github
10 месяцев назад
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.
EPSS
Процентиль: 32%
0.00127
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-384