CVE-2018-16239

Published: Aug 30, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses.

Affected (1)

Products: Damicms: Damicms

Damicms

1 product

Damicms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Damicms Damicms	Version 6.0.1

Related CWEs

CWE-330

Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References (2)

https://github.com/howchen/howchen/issues/2

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/howchen/howchen/issues/2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.