Lucene search

K

MitreCVELIST:CVE-2010-1136

HistoryMar 26, 2010 - 9:00 p.m.

CVE-2010-1136

2010-03-2621:00:00

mitre

www.cve.org

6.7 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to “persistent login,” probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.

References

info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases

osvdb.org/62801

secunia.com/advisories/38882

tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196

tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196

www.securityfocus.com/bid/38608

exchange.xforce.ibmcloud.com/vulnerabilities/56771

6.7 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

86.2%

Related for CVELIST:CVE-2010-1136

nvd1 prion1 cve1 openvas1