PT-2022-4828 · Syncovery · Syncovery

Jan Rude · Published 2022-09-15 · Updated 2023-08-08 · CVE-2022-36536

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Syncovery versions 9.47x and below

Description: The issue is related to the component post applogin.php, which allows attackers to escalate privileges by creating crafted session tokens. It stems from the possibility of decoding a session token of the backup tool Syncovery, which could let a remote attacker elevate their privileges.

Recommendations: For Syncovery versions 9.47x and below, there is currently no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the post applogin.php component to minimize the risk of exploitation. Avoid using crafted session tokens in the affected component until the issue is resolved.
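The two weaknesses listed for this entry (improper privilege management and insufficiently random values) combine when a session token encodes the user's identity and role in a form that can be decoded and re-assembled. The mitigation a defender wants is an opaque token drawn from a CSPRNG and mapped to identity on the server side, so the token carries no decodable state. The following is an added example, not Syncovery's code, and it says nothing about how applogin.php actually builds its tokens: the SessionStore class, the looks_opaque review heuristic and the WEAK_TOKEN sample are all constructed here for illustration.

```python
import base64
import binascii
import secrets
import string
import time
from typing import Optional

# Constructed example (assumption): an opaque, server-side session store.
# This is NOT Syncovery's implementation and does not describe its token format.

TOKEN_BYTES = 32    # 256 bits of CSPRNG output per token
SESSION_TTL = 3600  # seconds a session stays valid

PRINTABLE = set(string.printable.encode())


class SessionStore:
    """Maps opaque CSPRNG tokens to (user, role, expiry) on the server side."""

    def __init__(self) -> None:
        self._sessions: dict[str, tuple[str, str, float]] = {}

    def issue(self, user: str, role: str, now: Optional[float] = None) -> str:
        # secrets.token_urlsafe draws from os.urandom. The token is only a key
        # into the store; user and role never leave the server inside it, so
        # there is nothing for a client to decode or re-encode.
        clock = now if now is not None else time.time()
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._sessions[token] = (user, role, clock + SESSION_TTL)
        return token

    def resolve(self, token: str, now: Optional[float] = None) -> Optional[tuple[str, str]]:
        # Role comes from the server-side record, never from the token itself,
        # which is what closes the privilege-escalation path.
        clock = now if now is not None else time.time()
        record = self._sessions.get(token)
        if record is None:
            return None
        user, role, expires = record
        if clock >= expires:
            del self._sessions[token]
            return None
        return (user, role)


def looks_opaque(token: str) -> bool:
    """Review heuristic: a base64 token whose payload is readable text with
    field separators is carrying state rather than entropy. Returns True when
    the token decodes to random-looking bytes (or is not base64 at all)."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.urlsafe_b64decode(padded)
    except (ValueError, binascii.Error):
        return True
    if not raw:
        return True
    printable_ratio = sum(b in PRINTABLE for b in raw) / len(raw)
    has_separator = any(sep in raw for sep in (b":", b"|", b";", b"="))
    return not (printable_ratio > 0.9 and has_separator)


# Constructed sample of a structured token (base64 of "user:role:timestamp").
# It exists only so the heuristic has something to flag; it is not a real format.
WEAK_TOKEN = base64.urlsafe_b64encode(b"alice:admin:1663200000").decode()


if __name__ == "__main__":
    store = SessionStore()
    tok = store.issue("alice", "user")
    print("issued token opaque:", looks_opaque(tok))          # True
    print("constructed weak token opaque:", looks_opaque(WEAK_TOKEN))  # False
    print("resolved:", store.resolve(tok))                     # ('alice', 'user')
```

The looks_opaque check is a quick triage aid for reviewing an application's own tokens, not a test of Syncovery specifically; a token that decodes to readable fields should be treated as state the server must not trust, regardless of what the fields say.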

Exploit

Weakness Enumeration

Improper Privilege Management
Use of Insufficiently Random Values

Related Identifiers

BDU:2022-05854
CVE-2022-36536

Affected Products

Syncovery