3 matches found
CVE-2018-5385
Navarino Infinity is prone to session fixation attacks. The server accepts the session ID as a GET parameter which can lead to bypassing the two factor authentication in some installations. This could lead to phishing attacks that can bypass the two factor authentication that is present in some...
CVE-2018-5385
CVE-2018-5385 affects Navarino Infinity web interface (up to version 2.2). The vulnerability arises from accepting the session ID as a GET parameter, enabling session fixation that can bypass two-factor authentication in some installations, with potential phishing implications. The linked sources...
Navarino Infinity web interface is affected by multiple vulnerabilities.
Overview Navarino Infinity web interface up to version 2.2 is affected by multiple vulnerabilities. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' - CVE-2018-5384| Navarino Infinity exposes an unauthenticated script that is prone to blind sq...