cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the web root with insufficient access control, which allows remote attackers to obtain session data via a direct request related to the "default session save path."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.013
EPSS Ranking 68.0%