CVE-2018-17888

Summary

NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.

Affected Software

VendorProductVersion RangeStatus
NUUONUUO CMSAll versions 3.1 and prioraffected

Weaknesses

  • CWE-330: USE OF INSUFFICIENTLY RANDOM VALUES CWE-330

ADP Enrichment

CVE Program Container

Additional References

References