CVE-2020-23140

EUVD-2020-15893
Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
Affected Products (NVD)
VendorProductVersion
microwebermicroweber
1.1.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36
https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36