N/A

Joovili 3.1.4 allows remote attackers to bypass authentication and gain privileges as other users, including the administrator, by setting the (1) session_id, session_logged_in, and session_username cookies for user privileges; (2) session_admin_id, session_admin_username, and session_admin cookies for admin privileges; and (3) session_staff_id, session_staff_username, and session_staff cookies for staff users.

N/A

N/A

Joovili Cookie 权限绕过漏洞

Joovili是一款社交网络软件。 Joovili 3.1.4版本允许远程攻击者通过设置(1)session_id,session_logged_in,以及对用户特权的session_username cookies;(2)session_admin_id,session_admin_username,和对管理特权的session_admin cookies;以及(3)session_staff_id,session_staff_username,和对staff用户的session_staff cooki

N/A

N/A