Session Fixation Vulnerability in WonderCMS Before 2.5.2
CVE-2018-14387

8.8HIGH

Key Information:

Vendor

Wondercms

Status
Wondercms
Vendor
CVE Published:
18 July 2018

What is CVE-2018-14387?

A vulnerability found in WonderCMS before version 2.5.2 allows attackers to exploit session fixation techniques. By initiating a session before the victim logs in, an attacker can obtain the session identifier and lure the victim into authenticating their account through this compromised session. This enables unauthorized access to the victim's account, highlighting a significant security risk for users of the affected version of the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/robiso/wondercms/issues/64
x_refsource_MISC
https://www.wondercms.com/whatsnew
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.