| |
Vulnerability CVE-2018-16239
Published: 2018-08-30 Modified: 2018-08-31
| Description: |
An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses. |
Type:
CWE-330 (Use of Insufficiently Random Values)
CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
None |
None |
References: |
https://github.com/howchen/howchen/issues/2
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
