october/rain uses insecure session management. Because the session ID is not properly validated at logout, an attacker holding an old (invalid) session ID can bypass the intended Auth/Manager.php authentication behavior during a new login.
CPE

Name | Operator | Version
---|---|---
october/rain | le | v1.1.1
october/rain | le | v1.0.471
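
A simplified model of the class of flaw described above, as an added example that is not october/rain code: `SessionAuth` and its methods are hypothetical, and the weak mode only assumes that logout leaves the server-side code in place while a new login reuses it. The hardened mode validates the presented ID at logout, destroys the stored code, and rotates it on every login.

```php
<?php
// Added illustration (PHP 8+), not october/rain code; all names are hypothetical.
final class SessionAuth
{
    /** @var array<int, array{code: ?string, active: bool}> server-side state */
    private array $state = [];
    public function __construct(private bool $hardened) {}

    /** Issue a token [userId, code]; credentials are assumed verified elsewhere. */
    public function login(int $userId): array
    {
        $code = $this->state[$userId]['code'] ?? null;
        if ($this->hardened || $code === null) {
            $code = bin2hex(random_bytes(32)); // hardened mode rotates on every login
        }
        $this->state[$userId] = ['code' => $code, 'active' => true];
        return [$userId, $code];
    }

    /** Validate a presented token against server-side state in constant time. */
    public function check(array $token): bool
    {
        [$userId, $code] = $token;
        $s = $this->state[$userId] ?? ['code' => null, 'active' => false];
        return $s['active'] && is_string($s['code']) && is_string($code)
            && hash_equals($s['code'], $code);
    }

    /** End the session; hardened mode refuses tokens that are not live. */
    public function logout(array $token): bool
    {
        if ($this->hardened && !$this->check($token)) {
            return false; // a stale or forged ID must not drive logout logic
        }
        $uid = (int) $token[0];
        // Weak: only a flag flips and the code survives. Hardened: destroy it.
        $keep = $this->hardened ? null : ($this->state[$uid]['code'] ?? null);
        $this->state[$uid] = ['code' => $keep, 'active' => false];
        return true;
    }
}
foreach ([false, true] as $hardened) {
    $auth = new SessionAuth($hardened);
    $old = $auth->login(7);   // constructed sample user id
    $auth->logout($old);
    $fresh = $auth->login(7); // the same user signs in again later
    printf("%-8s stale accepted: %s, fresh accepted: %s\n", $hardened ? 'hardened' : 'weak',
        var_export($auth->check($old), true), var_export($auth->check($fresh), true));
}
```

A regression test for a fix of this kind would assert that a token captured before logout fails `check()` both immediately after logout and after the next login.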