CVE-2023-1854

CRITICAL Year: 2023
CVSS v3 Score
9.8
Critical
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-613
View all →

Vulnerability Description

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability.

Related Vulnerabilities

CVE-2014-2595

CRITICAL
CVSS:9.8(Critical)

Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.

CWE-6132014

CVE-2015-5171

CRITICAL
CVSS:9.8(Critical)

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified imp...

CWE-6132015

CVE-2016-11014

CRITICAL
CVSS:9.8(Critical)

NETGEAR JNR1010 devices before 1.0.0.32 have Incorrect Access Control because the ok value of the auth cookie is a special case.

CWE-6132016

CVE-2016-5069

CRITICAL
CVSS:9.8(Critical)

Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in the URL.

CWE-6132016

CVE-2016-6545

CRITICAL
CVSS:9.8(Critical)

Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this i...

CWE-6132016

CVE-2018-21018

CRITICAL
CVSS:9.8(Critical)

Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.

CWE-6132018