CVE-2010-1135

CVE-2010-1135

EPSS 1.5%

The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases http://secunia.com/advisories/38896 https://exchange.xforce.ibmcloud.com/vulnerabilities/56770 http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046 http://www.securityfocus.com/bid/38608