CVE-2010-1135

The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
tikitikiwiki_cms\/groupware
4.0
tikitikiwiki_cms\/groupware
4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
http://secunia.com/advisories/38896
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046
http://www.securityfocus.com/bid/38608
https://exchange.xforce.ibmcloud.com/vulnerabilities/56770
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
http://secunia.com/advisories/38896
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046
http://www.securityfocus.com/bid/38608
https://exchange.xforce.ibmcloud.com/vulnerabilities/56770