Security Advisory

CVE-2021-22948

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-23 12:44:20

Last updated 2024-08-03 18:58:26

Assigner hackerone

State PUBLISHED

Description

Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account.

← Browse all CVEs View on cve.org ↗