PT-2023-4287 · Admidio · Admidio

Publicado

2023-08-05

Atualizado

2023-08-09

CVE-2023-4190

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions admidio/admidio versions prior to 4.2.11

Description The issue is related to insufficient session expiration, which can allow a remote attacker to access confidential information and arbitrary functions of the application. This occurs because a user's session remains valid even after the user has logged out, potentially granting unauthorized access to sensitive areas and functionalities.

Recommendations For versions prior to 4.2.11, update to version 4.2.11 or later to resolve the issue.

Exploit

Correção

Insufficient Session Expiration

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-613

Identificadores relacionados

BDU:2023-04605

CVE-2023-4190

GHSA-QQ8M-9RPX-W2FM

Produtos afetados

Admidio

PT-2023-4287 · Admidio · Admidio

CVE-2023-4190

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9