CVE-2020-8986

Publication date

2020-03-24 20:12:27

Family

mitre

State

PUBLISHED

Description

lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validating the session cookie, allowing an attacker to gain administrative access with a large number of requests.