PT-2020-16092 · Simplephpscripts · Simplephpscripts News Script Php Pro

Published: 2020-11-24 · Updated: 2020-11-30 · CVE-2020-25473

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SimplePHPscripts News Script PHP Pro version 2.3

Description

The issue is related to the HttpOnly flag not being set properly on session cookies. This could potentially allow unauthorized access to session cookies.

Recommendations

For SimplePHPscripts News Script PHP Pro version 2.3, consider updating the session cookie settings to include the HttpOnly flag to prevent JavaScript access. As a temporary workaround, restrict access to session cookies until a proper fix is applied.
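
An added example (not part of the advisory and not the vendor's code): a check that reads Set-Cookie response headers and reports session cookies issued without the HttpOnly attribute, usable to confirm the recommended setting took effect. The cookie name PHPSESSID (PHP's default session name) and the sample headers are assumptions constructed for illustration.

```python
# Assumption: the application uses PHP's default session cookie name.
SESSION_COOKIE_NAMES = {"phpsessid"}

# Constructed sample response headers (not captured from the product).
SAMPLE_HEADERS = [
    ("Set-Cookie", "PHPSESSID=3f1c9a7e5b; path=/"),               # flag missing
    ("set-cookie", "PHPSESSID=3f1c9a7e5b; path=/; HttpOnly"),     # flag present
    ("Set-Cookie", "PHPSESSID=HttpOnly; path=/; Secure"),         # word only in the value
    ("Set-Cookie", "lang=en; Path=/"),                            # not a session cookie
    ("Set-Cookie", "PHPSESSID=9d2; Path=/; httponly; SameSite=Lax"),
    ("Content-Type", "text/html; charset=utf-8"),
]


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    # Attribute names are case-insensitive; values (e.g. SameSite=Lax) are dropped.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_session_cookies(headers, session_names=SESSION_COOKIE_NAMES):
    """Return (name, raw header value) for session cookies lacking HttpOnly."""
    findings = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        # Check the parsed attributes, not a substring of the whole header,
        # so a cookie whose value merely contains "HttpOnly" is still reported.
        if name.lower() in session_names and "httponly" not in attrs:
            findings.append((name, value))
    return findings


if __name__ == "__main__":
    for name, raw in audit_session_cookies(SAMPLE_HEADERS):
        print(f"session cookie {name!r} set without HttpOnly: {raw}")
```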

Fix


Related Identifiers

CVE-2020-25473

Affected Products

Simplephpscripts News Script Php Pro