Vulnerability Description
An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wondercms | Wondercms | < 2.5.2 |
Related Weaknesses (CWE)
References
- https://github.com/robiso/wondercms/issues/64ExploitIssue TrackingThird Party Advisory
- https://www.wondercms.com/whatsnewVendor Advisory
- https://github.com/robiso/wondercms/issues/64ExploitIssue TrackingThird Party Advisory
- https://www.wondercms.com/whatsnewVendor Advisory
FAQ
What is CVE-2018-14387?
CVE-2018-14387 is a vulnerability with a CVSS score of 8.8 (HIGH). An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authen...
How severe is CVE-2018-14387?
CVE-2018-14387 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-14387?
Check the references section above for vendor advisories and patch information. Affected products include: Wondercms Wondercms.