CVE-2012-2437

Name of the Vulnerable Software and Affected Versions ar web content manager (AWCM) version 2.2

Description The issue allows remote attackers to generate arbitrary cookies without requiring authentication. This can be achieved by manipulating the name parameter in conjunction with the content parameter in the cookie gen.php file.

Recommendations For version 2.2, consider restricting access to the cookie gen.php file to require authentication before generating cookies, and validate the name and content parameters to prevent arbitrary cookie generation.