CRITICAL🇵🇱 Wersja polska

CVE-2018-17888

CVSS 9.8v3.0pub. 2018-10-12upd. 2024-11-21

NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nuuo Cms

    APP
    Nuuo
    ≤ 3.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2018-17934CRITICAL9.8ten sam produkt

NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able...

CVE-2018-17936CRITICAL9.8ten sam produkt

NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or ov...

CVE-2018-17890CRITICAL9.8ten sam produkt

NUUO CMS all versions 3.1 and prior, The application uses insecure and outdated software components for functi...

CVE-2018-17894CRITICAL9.8ten sam produkt

NUUO CMS all versions 3.1 and prior, The application creates default accounts that have hard-coded passwords, ...

CVE-2018-18982HIGH8.8ten sam produkt

NUUO CMS All versions 3.3 and prior the web server application allows injection of arbitrary SQL characters, w...