[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80167

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2012-1248

Date: (C)2012-05-15   (M)2017-12-10 


app/config/core.php in baserCMS 1.6.15 and earlier does not properly handle installations in shared-hosting environments, which allows remote attackers to hijack sessions by leveraging administrative access to a different domain.

CVSS Score: 5.1Access Vector: NETWORK
Exploit Score: 4.9Access Complexity: HIGH
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-53543
JVN#53465692
JVNDB-2012-000043
basercms-core-sec-bypass(75660)
http://basercms.net/security/1

CPE    29
cpe:/a:e-catchup:basercms:1.6.7.1
cpe:/a:e-catchup:basercms:1.5.5
cpe:/a:e-catchup:basercms:1.6.2
cpe:/a:e-catchup:basercms:1.5.4
...
CWE    1
CWE-264

© 2013 SecPod Technologies