CVE-2020-21236
Severity: HIGH (CVSS 8.8)
WAF coverage: Low
Published: 2021-12-27
CWE-352
A vulnerability in /damicms-master/admin.php?s=/Article/doedit of DamiCMS v6.0 allows attackers to compromise and impersonate user accounts by obtaining a user's session cookie.
WAF Coverage Analysis
Cross-Site Request Forgery (CSRF)
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| damicms | damicms | 6.0.0 |
References
- github.com (Exploit, Third Party Advisory)