Vulnerabilities > CVE-2023-40174 - Insufficient Session Expiration vulnerability in Fobybus Social-Media-Skeleton

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

fobybus

CWE-613

critical

NVD

Published: 2023-08-18

Updated: 2023-08-23

Summary

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. Social media skeleton releases prior to 1.0.5 did not properly limit manage user session lifecycles. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Fobybus Fobybus Social Media Skeleton 1.0.0 Fobybus Social Media Skeleton 1.0.1 Fobybus Social Media Skeleton 1.0.2 Fobybus Social Media Skeleton 1.0.3 Fobybus Social Media Skeleton 1.0.4	5

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References