Vulnerabilities > CVE-2018-19437 - Unspecified vulnerability in Ucms Project Ucms 1.4.7
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |