CVE-2018-14387

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-14387
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14387.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-14387
Published
2018-07-18T19:29:00.260Z
Modified
2026-03-14T09:27:42.924762Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authenticate against the server using the same session identifier. The attacker can access the user's account through the active session. The Session Fixation attack fixes a session on the victim's browser, so the attack starts before the user logs in.

References

Affected packages

Git / github.com/robiso/wondercms

Affected ranges

Type
GIT
Repo
https://github.com/robiso/wondercms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
034e6776e111c3a855d3fcd92e4b8b8004c4b4d6
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.5.2"
        }
    ]
}

Affected versions

1.*
1.1.0-beta
1.2.0-beta
2.*
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.1.0
2.2.0
2.2.1
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0
2.5.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14387.json"