CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-25160

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject memcached commands in the session id value.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.7%

CVSS Severity

CVSS v3 Score 6.5

References

https://github.com/tokuhirom/HTTP-Session2/commit/813838f6d08034b6a265a70e53b59b941b5d3e6d.patch
https://metacpan.org/pod/Cache::Memcached::Fast::Safe
https://metacpan.org/release/TOKUHIROM/HTTP-Session2-1.10/source/Changes
http://www.openwall.com/lists/oss-security/2026/02/27/13

Products affected by CVE-2018-25160

Tokuhirom » Http: » Version: Any

cpe:2.3:a:tokuhirom:http:

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-25160

Products

Pricing

Contact Us