CVE-2010-1135

Severity

75%

Complexity

99%

Confidentiality

106%

The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.

The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Tiki Tikiwiki CMS/Groupware

First reported 14 years ago

2010-03-27 19:07:00

Last updated 7 years ago

2017-08-17 01:32:00

Affected Software

Tiki Tikiwiki CMS/Groupware 4.0

4.0

Tiki Tikiwiki CMS/Groupware 4.1

4.1

References

http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases

Patch

38896

Vendor Advisory

http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046

38608

Exploit

tikiwiki-userlogout-unspecified(56770)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.