Vulnerabilities > CVE-2020-23140 - Insufficient Session Expiration vulnerability in Microweber 1.1.18

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

microweber

CWE-613

NVD

Published: 2020-11-09

Updated: 2024-11-21

Summary

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.

Vulnerable Configurations

Part	Description	Count
Application	Microweber Microweber Microweber 1.1.18	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36
https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36