Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cookies Manipulation in Talya Informatics' Elektraweb
Vulnerability Description
Reliance on Cookies without Validation and Integrity Checking vulnerability in Talya Informatics Elektraweb allows Session Credential Falsification through Manipulation, Accessing/Intercepting/Modifying HTTP Cookies, Manipulating Opaque Client-based Data Tokens.This issue affects Elektraweb: before v17.0.68.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
在信任Cookie未进行验证与完整性检查
Vulnerability Title
Elektraweb 安全漏洞
Vulnerability Description
Elektraweb是土耳其Elektraweb公司的一个基于云托管的网络酒店程序。 Elektraweb v17.0.68之前版本存在安全漏洞,该漏洞源于依赖未经验证和完整性检查的 Cookie ,允许攻击者操纵、访问/拦截/修改 HTTP Cookie、操纵不透明的基于客户端的数据令牌来伪造会话凭据。
CVSS Information
N/A
Vulnerability Type
N/A