CVE-2020-23140

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 50%
VendorProductVersion
microwebermicroweber
1.1.18
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36
https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36