PT-2018-13452 · Damicms
Howchen · Published 2018-08-30 · Updated 2019-10-03
CVE-2018-16239
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
damiCMS version 6.0.1
Description
An issue was discovered where the software relies on the PHP time() function to derive cookie values. Because the clock is predictable, the cookie of an existing admin session can be determined with a limited number of guesses.
Recommendations
For damiCMS version 6.0.1, consider implementing a more secure method for generating cookies to prevent guessing attacks. As a temporary workaround, restrict access to the admin area to minimize the risk of exploitation.
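The recommendation above, as an added PHP illustration that is not damiCMS code and not part of the advisory: a clock-derived cookie value beside one drawn from the OS CSPRNG, with constant-time verification and restrictive cookie attributes. The exact construction damiCMS used is not on this page, so weakCookieValue() is a hypothetical stand-in for "relies on time()"; the cookie name admin_session, the /admin path and the one-hour lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a token derived from the clock (added illustration,
// not the damiCMS implementation). Every login in the same second gets the same
// value, and the value space over any plausible login window is tiny, which is
// what makes the session guessable.
function weakCookieValue(int $now): string
{
    return md5((string) $now);
}

// Hardened replacement: 256 bits from random_bytes() (OS CSPRNG, PHP >= 7.0).
// The value has no relationship to the clock or any other observable state.
function secureCookieValue(): string
{
    return bin2hex(random_bytes(32));
}

// Store only a fingerprint of the token server-side, so reading the session
// table does not yield a usable cookie value.
function tokenFingerprint(string $token): string
{
    return hash('sha256', $token);
}

// hash_equals() compares in constant time, so verification itself does not
// leak how many leading characters of a guess were correct.
function isValidToken(string $presented, string $storedFingerprint): bool
{
    return hash_equals($storedFingerprint, tokenFingerprint($presented));
}

// Issue the cookie with attributes that limit exposure of the value:
// Secure (TLS only), HttpOnly (not readable by script), SameSite=Strict,
// a short lifetime and a path scoped to the admin area (all assumed values).
function issueAdminCookie(string $token): void
{
    setcookie('admin_session', $token, [
        'expires'  => time() + 3600,
        'path'     => '/admin',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
}

// Usage at login: mint a fresh token, persist only its fingerprint, send the
// token to the browser. On later requests, look up the fingerprint for the
// presented cookie and call isValidToken().
$token = secureCookieValue();
$storedFingerprint = tokenFingerprint($token); // persist this, not $token
issueAdminCookie($token);
```

The two generators differ only in their entropy source, which is the whole point of the advisory: replacing time() with random_bytes() removes the guessing attack, and the fingerprint plus hash_equals() step keeps a compromised session store or a timing side channel from reintroducing it.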
Weakness Enumeration
Use of Insufficiently Random Values
Affected Products
Damicms