Vulnerability Details : CVE-2010-1135
The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
Exploit prediction scoring system (EPSS) score for CVE-2010-1135
Probability of exploitation activity in the next 30 days: 1.35%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 %
CVSS scores for CVE-2010-1135
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2010-1135
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1135
- http://www.securityfocus.com/bid/38608
  TikiWiki Versions Prior to 4.2 Multiple Vulnerabilities (Exploit)
- http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046
- http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
  TikiWiki 1.8.4 re-packaged | Tiki Wiki CMS Groupware :: CommunityPatch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56770
  TikiWiki CMS/Groupware user_logout() method unspecified CVE-2010-1135 Vulnerability Report
Products affected by CVE-2010-1135
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:tiki:tikiwiki_cms\/groupware:4.1:*:*:*:*:*:*:*