Описание
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password.
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.2 (исключая)
cpe:2.3:a:summerpearlgroup:vacation_rental_management_platform:*:*:*:*:*:*:*:*
EPSS
Процентиль: 18%
0.00057
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-286
Связанные уязвимости
CVSS3: 6.5
github
3 месяца назад
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password.
EPSS
Процентиль: 18%
0.00057
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-286