Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | N/A |
CWE-ID | CWE-521 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Admidio Web applications / CMS |
Vendor | Admidio |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU61476
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-521 - Weak Password Requirements
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise the affected account.
The vulnerability exists due to an error in the password change functionality, which did not reset all user's session after password change. An attacker who compromised user's session can retain access to the victim's account even after password change.
Install updates from vendor's website.
Vulnerable software versionsAdmidio: 4.1.0 - 4.1.8
External linkshttp://github.com/Admidio/admidio/releases/tag/v4.1.9
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.