Vulnerability Details: CVE-2010-1136
The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to bypass access restrictions related to "persistent login," probably due to the generation of predictable cookies based on the IP address and User agent in userslib.php.
Products affected by CVE-2010-1136
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:3.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-1136
1.34% (probability of exploitation activity in the next 30 days)
~ 84% (percentile, the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2010-1136
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2010-1136
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1136
- http://www.securityfocus.com/bid/38608
  TikiWiki Versions Prior to 4.2 Multiple Vulnerabilities
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki/branches/proposals/3.x/lib/userslib.php?r1=25196&r2=25195&pathrev=25196
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56771
  TikiWiki CMS/Groupware Standard Remember method unspecified CVE-2010-1136 Vulnerability Report
- http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
  TikiWiki 1.8.4 re-packaged | Tiki Wiki CMS Groupware :: Community