Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ifme - Insufficient Session Expiration
Vulnerability Description
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
不充分的会话过期机制
Vulnerability Title
Ifme 代码问题漏洞
Vulnerability Description
Ifme是开源的一个心理健康体验社区,鼓励人们与可信赖的盟友分享他们的个人故事。 Ifme 1.0.0 至 v.7.33.2版本存在代码问题漏洞,该漏洞源于即使在用户发起注销后,也不能正确地使用户的会话无效。攻击者可利用该漏洞通过本地/网络访问或其他假设攻击重用管理员cookie。
CVSS Information
N/A
Vulnerability Type
N/A