Published: 26/11/2012 Updated: 29/08/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote malicious users to generate arbitrary cookies via the name parameter in conjunction with the content parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
awcm-cms ar web content manager 2.2

AWCM version 22 appears to suffer from cookie forgery and direct access vulnerabilities ...

source: wwwsecurityfocuscom/bid/56465/info AWCM is prone to an authentication-bypass and multiple security-bypass vulnerabilities Attackers can exploit these vulnerabilities to bypass certain security restrictions, perform unauthorized actions; which may aid in further attacks AWCM 22 is vulnerable; other versions may also be affecte ...

CWE-287 http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html https://exchange.xforce.ibmcloud.com/vulnerabilities/79926 https://nvd.nist.gov https://packetstormsecurity.com/files/117975/AWCM-2.2-Access-Bypass.html https://www.exploit-db.com/exploits/38015/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-2437

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect