5 matches found
PT-2026-39727
Name of the Vulnerable Software and Affected Versions cowlib versions 2.9.0 and later Description Improper Neutralization of CRLF Sequences CRLF Injection occurs when the cow cookie:cookie/1 function builds a client-side Cookie request header from name-value pairs without validating the fields. A...
Elektraweb Security Vulnerabilities
Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A security vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from reliance on unvalidated and integrity-checked cookies, which allows an attacker to manipulate, access/intercept/modify HTTP...
CVE-2023-3050
Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass. This issue affects Lockcell: before 15...
PT-2023-22736
Name of the Vulnerable Software and Affected Versions TMT Lockcell versions prior to 15 Description The issue is related to the reliance on cookies without validation and integrity checking in a security decision, which allows for privilege abuse and authentication bypass. Recommendations For...
Remote Code Execution
spoon/library is vulnerable to remote code execution. Lack of validation of the cookie allows a remote attacker to submit a cookie containing malicious executable objects that will execute upon deserialization in the wakeup magic method in spoon/cookie/cookie.php...