CVE-2012-2437

Exploit

EPSS 7.25%
Veröffentlicht 26.11.2012 12:45:22
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Awcm-cms ≫ Ar Web Content Manager Version2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.25%	0.914

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html

Exploit

http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/79926

https://nvd.nist.gov/vuln/detail/CVE-2012-2437

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2437

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2437

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-2437