Lucene search

VulDBCVELIST:CVE-2016-15002

HistoryJun 09, 2022 - 6:15 a.m.

CVE-2016-15002 MONyog Ultimate Cookie privileges management

2022-06-0906:15:14

CWE-269

VulDB

www.cve.org

vulnerability

monyog ultimate

cookie handler

remote attack

privilege escalation

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

41.1%

JSON

A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely.

CNA Affected

[
  {
    "product": "MONyog Ultimate",
    "vendor": "unspecified",
    "versions": [
      {
        "status": "affected",
        "version": "6.63"
      }
    ]
  }
]

References

vuldb.com/?id.98355

youtu.be/KKlwi-u6wyA

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

41.1%

JSON

Related for CVELIST:CVE-2016-15002