CVE-2021-27200

Sažetak

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of day.

Reference

https://www.exploit-db.com/exploits/49989
https://securityforeveryone.com/blog/wowonder-0-day-vulnerability-cve-2021-27200
https://www.wowonder.com

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

12-07-2022 - 17:42

Objavljeno

11-06-2021 - 18:15