CVE-2010-1135

2010-03-2621:00:00

mitre

www.cve.org

6.9 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

JSON

The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.

References

info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases

secunia.com/advisories/38896

tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046

www.securityfocus.com/bid/38608

exchange.xforce.ibmcloud.com/vulnerabilities/56770