7 matches found
PT-2024-26247 · Unknown · Php-Censor
Name of the Vulnerable Software and Affected Versions: php-censor version 2.1.4 Description: The issue allows attackers to brute-force the remember key value, potentially gaining access to accounts that have checked "remember me" when logging in. This could lead to unauthorized access...
PT-2023-18284 · Code Dx · Code Dx
Name of the Vulnerable Software and Affected Versions: Code Dx versions prior to 2023.4.2 Description: The issue allows a malicious actor to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher when generating the...
PT-2023-15130 · Mura Cms · Mura Cms
Name of the Vulnerable Software and Affected Versions: Mura CMS versions prior to 10.0.580 Description: A vulnerability in the Remember Me function allows attackers to bypass authentication via a crafted web request. Recommendations: For versions prior to 10.0.580, update to version 10.0.580 or...
PT-2022-26364 · Tribal Systems · Zenario Cms
Name of the Vulnerable Software and Affected Versions: Tribal Systems Zenario CMS version 9.3.57595 Description: The issue affects the Remember Me Handler component, leading to session fixation. This can be exploited remotely, and the exploit has been disclosed. The attack may be initiated by an...
UBUNTU-CVE-2021-39210
GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie when a user uses the "remember me" feature is accessible by scripts. A malicious plugin that could steal this cookie would be able to use it to autologin. This issue ...
PT-2021-22463 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.6 Description: The issue affects the autologin cookie used when the "remember me" feature is enabled, making it accessible to scripts. A malicious plugin could exploit this to steal the cookie and use it for...
PT-2020-16450 · Evolution Script · Helpdesk
Name of the Vulnerable Software and Affected Versions: HelpDeskZ version 1.0.2 Description: An issue was discovered in the RememberMe functionality, which is prone to SQL injection. This issue only affects products that are no longer supported by the maintainer. Recommendations: For HelpDeskZ...