Vulnerabilities > CVE-2023-6144 - Unspecified vulnerability in Armanidrisi DEV Blog 1.0

047910
CVSS 4.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
high complexity
armanidrisi

Summary

Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.

Vulnerable Configurations

Part Description Count
Application
Armanidrisi
1