Session Fixation Vulnerability in WonderCMS Before 2.5.2
CVE-2018-14387

8.8HIGH

Key Information:

Vendor: Wondercms
Status: Wondercms
Vendor: CVE Published:; 18 July 2018

What is CVE-2018-14387?

A vulnerability found in WonderCMS before version 2.5.2 allows attackers to exploit session fixation techniques. By initiating a session before the victim logs in, an attacker can obtain the session identifier and lure the victim into authenticating their account through this compromised session. This enables unauthorized access to the victim's account, highlighting a significant security risk for users of the affected version of the application.

References

https://github.com/robiso/wondercms/issues/64

x_refsource_MISC

https://www.wondercms.com/whatsnew

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 18, 2018

Wondercms

What is CVE-2018-14387?

References

CVSS V3.1

Timeline