Lucene search

Veracode Vulnerability DatabaseVERACODE:44095

HistoryNov 01, 2023 - 2:47 p.m.

Insecure Session Management

2023-11-0114:47:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

software vulnerability session .

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

thorsten/phpmyfaq is vulnerable to Insecure Session Management. The vulnerability exists because the sessions are not securely handled which allows an attacker to perform unauthorized actions.

CPENameOperatorVersion
thorsten/phpmyfaqle3.2.0
phpmyfaq/phpmyfaqle3.2.0
thorsten/phpmyfaqle3.2.0
phpmyfaq/phpmyfaqle3.2.0

Name	Operator	Version
thorsten/phpmyfaq	le	3.2.0
phpmyfaq/phpmyfaq	le	3.2.0
thorsten/phpmyfaq	le	3.2.0
phpmyfaq/phpmyfaq	le	3.2.0

References

github.com/advisories/GHSA-34w4-wrqp-j47g

github.com/thorsten/phpmyfaq/commit/fdacff14acd5e69841068f0e32b59e2d1b1d0d55

huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945

huntr.com/bounties/ec44bcba-ae7f-497a-851e-8165ecf56945/

5.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for VERACODE:44095