PT-2021-16894 · Unknown · Camaleon Cms
Published: 2021-10-20 · Updated: 2022-05-24 · CVE-2021-25970
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Camaleon CMS versions 0.1.7 through 2.6.0
Description
When an admin changes a user's password, that user's active session is not terminated. As a result, a user who was already logged in keeps access to the application even after their password has been changed.
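The behaviour described above, next to one common remedy, as an added example (this is not Camaleon CMS code and not its actual fix). The in-memory `SessionStore`, the `session_epoch` counter and all other names are hypothetical, and the user record is constructed sample data.

```ruby
require "securerandom"

# Hypothetical user record (assumption): session_epoch is bumped on every
# credential change so that older sessions can be recognised as stale.
User = Struct.new(:login, :password_digest, :session_epoch)

class SessionStore
  def initialize
    @sessions = {} # token => { user:, epoch: }
  end

  # Issue a session token and remember the epoch it was created under.
  def login(user)
    token = SecureRandom.hex(16)
    @sessions[token] = { user: user, epoch: user.session_epoch }
    token
  end

  # Flawed check: a token is accepted for as long as it exists, so a
  # password change made elsewhere has no effect on it.
  def valid_without_epoch?(token)
    @sessions.key?(token)
  end

  # Hardened check: the token must also match the user's current epoch;
  # stale sessions are purged on first use.
  def valid?(token)
    session = @sessions[token]
    return false if session.nil?
    return true if session[:epoch] == session[:user].session_epoch

    @sessions.delete(token)
    false
  end
end

# Admin-side password change: store the new digest (hashed by the caller)
# and invalidate every session issued before the change.
def admin_change_password(user, new_digest)
  user.password_digest = new_digest
  user.session_epoch += 1
end

def demo
  store = SessionStore.new
  user = User.new("alice", "constructed-old-digest", 0)
  token = store.login(user)
  admin_change_password(user, "constructed-new-digest")
  { flawed: store.valid_without_epoch?(token), hardened: store.valid?(token),
    relogin: store.valid?(store.login(user)) }
end

p demo if $PROGRAM_NAME == __FILE__
```
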
Recommendations
For Camaleon CMS versions 0.1.7 through 2.6.0, update to version 2.6.0.1 or later to resolve the issue.
Weakness Enumeration
Insufficient Session Expiration
Affected Products
Camaleon Cms