Last Modified: Nov. 29, 2023
Dev blog v1.0 is vulnerable to account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.
Tweets last week: 0
Remaining steady
Yahoo results: 0
Remaining steady
Current EPSS Score: 0.00046
Remaining steady
Reddit Posts: 0
Remaining steady
Github Repos: 0
Remaining steady
Found exploits:
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
Base Score: 4.8
Exploitability Score: 2.2
Impact Score: 2.5
CVSS V3: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Condition | Configuration | |
---|---|---|
OR | ||
OR | ||
cpe:2.3:a:armanidrisi:dev_blog:1.0:*:*:*:*:*:*:* Part: a Vendor: armanidrisi | All vulnerabilities for armanidrisi |
Base Score V3: Not defined
Exploitability Score V3: Not defined
Impact Score V3: Not defined
Cvss Vector V3: Not defined
Configuration:
added:
cpe:2.3:a:armanidrisi:dev_blog:1.0:*:*:*:*:*:*:*
<?xml version="1.0" ?> <set operator="and"> <set operator="or"> <prop key="application" value="cpe:2.3:a:armanidrisi:dev_blog:1.0:*:*:*:*:*:*:*"/> </set> </set>
<?xml version="1.0" ?> <set operator="and"> <set operator="or"> <prop key="application" value="cpe:2.3:a:armanidrisi:dev_blog:1.0:*:*:*:*:*:*:*"/> </set> <prop key="program_influence" value="input"/> </set>