CVE-2020-36913

Name of the Vulnerable Software and Affected Versions All-Dynamics Software enlogic:show version 2.0.2

Description An issue exists where attackers can set a predefined PHP session identifier during the login process. By forging HTTP GET requests to the endpoint 'welcome.php' using a manipulated session token, authentication can be bypassed, potentially leading to cross-site request forgery attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.