cve/CVE-2008-3662.md at 48a00929accbe24477052d164512463a2824377a

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

POC

Reference

No PoCs from references.

Github

https://github.com/aemon1407/KWSPZapTest
https://github.com/faizhaffizudin/Case-Study-Hamsa

739 B Raw Blame History

CVE-2008-3662

Description

POC

Reference

Github

739 B

Raw Blame History