lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.
Max CVSS
9.8
EPSS Score
0.22%
Published
2020-03-24
Updated
2020-03-27
1 vulnerabilities found