PT-2018-12481 · Wondercms · Wondercms

Anusya Angamuthu · Published 2018-07-18 · Updated 2018-09-19 · CVE-2018-14387

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WonderCMS versions prior to 2.5.2

Description: An issue allows an attacker to create a new session on a web application, record the associated session identifier, and then cause the victim to authenticate against the server using the same session identifier. This enables the attacker to access the user's account through the active session. The attack fixes a session on the victim's browser before the user logs in.

Recommendations: For versions prior to 2.5.2, update to version 2.5.2 or later to resolve the issue.
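The Description above comes down to whether a session identifier issued before login is still valid after login. The following Python model is an added example, not WonderCMS code and not its 2.5.2 fix; `SessionStore` and its method names are hypothetical, and it contrasts keeping the pre-login ID with rotating it at authentication.

```python
import secrets


class SessionStore:
    """In-memory server-side session table: session ID -> session data."""

    def __init__(self):
        self._sessions = {}

    def new_session(self):
        """Issue an unauthenticated session, as a server does on first visit."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        """Return the user bound to this ID, or None if unknown/anonymous."""
        return self._sessions.get(sid, {}).get("user")

    def login_keep_id(self, sid, user):
        """Flawed pattern: the pre-login ID is promoted to an authenticated one."""
        self._sessions[sid]["user"] = user
        return sid

    def login_rotate_id(self, sid, user):
        """Hardened pattern: invalidate the pre-login ID, issue a fresh one."""
        data = self._sessions.pop(sid, {})   # old ID stops resolving here
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


def pre_login_id_survives(login_method_name):
    """True if an ID issued before login is authenticated after login."""
    store = SessionStore()
    pre_login_sid = store.new_session()
    login = getattr(store, login_method_name)
    post_login_sid = login(pre_login_sid, "admin")  # constructed user name
    assert store.user_for(post_login_sid) == "admin"
    return store.user_for(pre_login_sid) == "admin"


if __name__ == "__main__":
    print("keep ID on login  :", pre_login_id_survives("login_keep_id"))
    print("rotate ID on login:", pre_login_id_survives("login_rotate_id"))
```

A regression test for a login handler can make the same check: capture the session cookie before authenticating and confirm it no longer maps to an authenticated session afterwards.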

Exploit

Fix

Session Fixation


Weakness Enumeration

Related identifiers

CVE-2018-14387

Affected products

Wondercms