First published: Mon Nov 20 2023(Updated: )
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.
|Affected Software||Affected Version||How to fix|
|Armanidrisi Dev Blog||=1.0|
The vulnerability ID of Dev Blog v1.0 - ATO is CVE-2023-6144.
The severity of CVE-2023-6144 is critical with a score of 9.1.
The Dev Blog v1.0 - ATO vulnerability allows an attacker to exploit an account takeover through the "user" cookie, providing access to any user's session by knowing their username.
CVE-2023-6144 affects Armanidrisi Dev Blog version 1.0.
To fix the Dev Blog v1.0 - ATO vulnerability, it is recommended to update to a patched version of the software provided by the vendor.