CRITICAL🇵🇱 Wersja polska

CVE-2020-35358

CVSS 9.8v3.1pub. 2021-03-15upd. 2024-11-21

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Domainmod

    APP
    Domainmod
    4.15.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-12735CRITICAL9.8ten sam produkt

reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeov...

CVE-2019-9080HIGH7.5ten sam produkt

DomainMOD before 4.14.0 uses MD5 without a salt for password storage.

CVE-2019-1010096HIGH8.8ten sam produkt

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerabil...

CVE-2019-1010094HIGH8.8ten sam produkt

domainmod v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerabil...

CVE-2019-1010095HIGH8.8ten sam produkt

DomainMOD v4.10.0 is affected by: Cross Site Request Forgery (CSRF). The impact is: There is a CSRF vulnerabil...