VYPR
Unrated severityNVD Advisory· Published Sep 5, 2019· Updated Aug 5, 2024

CVE-2019-15955

CVE-2019-15955

Description

An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n^x complexity, and steal the admin password.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Total.js/CMSdescription
  • Totaljs/CMSllm-fuzzy
    Range: = 12.0.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.