PT-2012-4043 · Ar · Awcm
Published: 2012-11-26 · Updated: 2017-08-29
CVE-2012-2437
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
ar web content manager (AWCM) version 2.2
Description
The issue allows remote attackers to generate arbitrary cookies without requiring authentication. This can be achieved by manipulating the name parameter in conjunction with the content parameter in the cookie_gen.php file.
Recommendations
For version 2.2, consider restricting access to the cookie_gen.php file to require authentication before generating cookies, and validate the name and content parameters to prevent arbitrary cookie generation.
Weakness Enumeration
Improper Authentication
Affected Products
Awcm