Lucene search

[email protected]CVE-2016-4828

HistoryJun 25, 2016 - 9:59 p.m.

CVE-2016-4828

2016-06-2521:59:10

CWE-19

[email protected]

web.nvd.nist.gov

cve-2016-4828

collne welcart

e-commerce

plugin

wordpress

session mishandling

remote attackers

access vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

57.7%

JSON

The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.

Affected configurations

NVD

Node

collnewelcart_e-commerceRange<1.8.3wordpress

CPENameOperatorVersion
collne:welcart_e-commercecollne welcart e-commercelt1.8.3

CPE	Name	Operator	Version
collne:welcart_e-commerce	collne welcart e-commerce	lt	1.8.3

References

jvn.jp/en/jp/JVN61578437/index.html

jvndb.jvn.jp/jvndb/JVNDB-2016-000118

www.welcart.com/community/archives/78977

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

57.7%

JSON

Related for CVE-2016-4828

jvn1 cvelist1 nvd1 patchstack1 prion1