Advisory Published

CVE-2023-6144: Dev Blog v1.0 - ATO

First published: Mon Nov 20 2023(Updated: )

Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username.


Affected SoftwareAffected VersionHow to fix
Armanidrisi Dev Blog=1.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID of Dev Blog v1.0 - ATO?

    The vulnerability ID of Dev Blog v1.0 - ATO is CVE-2023-6144.

  • What is the severity of CVE-2023-6144?

    The severity of CVE-2023-6144 is critical with a score of 9.1.

  • How does the Dev Blog v1.0 - ATO vulnerability work?

    The Dev Blog v1.0 - ATO vulnerability allows an attacker to exploit an account takeover through the "user" cookie, providing access to any user's session by knowing their username.

  • What software versions are affected by CVE-2023-6144?

    CVE-2023-6144 affects Armanidrisi Dev Blog version 1.0.

  • How can I fix the Dev Blog v1.0 - ATO vulnerability?

    To fix the Dev Blog v1.0 - ATO vulnerability, it is recommended to update to a patched version of the software provided by the vendor.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203