Vulnerability CVE-2018-14387


Published: 2018-07-18

Description:
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in.

Type:

CWE-384

(Session Fixation)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Wondercms -> Wondercms 

 References:
https://github.com/robiso/wondercms/issues/64
https://www.wondercms.com/whatsnew

Copyright 2024, cxsecurity.com

 

Back to Top