4 matches found
CVE-2020-36913
All-Dynamics Software enlogic:show 2.0.2 is affected by a session-fixation vulnerability that allows an attacker to set a predefined PHP session identifier during login. By forging a crafted HTTP GET to welcome.php with a manipulated session token, an attacker can bypass authentication and potent...
CVE-2020-36913 All-Dynamics Software enlogic:show 2.0.2 Session Fixation Authentication Bypass
All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and...
CVE-2020-36913 All-Dynamics Software enlogic:show 2.0.2 Session Fixation Authentication Bypass
All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and...
All-Dynamics enlogic:show 安全漏洞
All-Dynamics enlogic:show is a digital signage management system from All-Dynamics, Germany. A security vulnerability exists in All-Dynamics enlogic:show version 2.0.2, which stems from the presence of a session fixation vulnerability that could lead to bypassing authentication and performing...