CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-44007

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 28.7%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-036.txt
https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-036.txt
https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037

Products affected by CVE-2022-44007

Backclick » Backclick » Version: 5.9.63

cpe:2.3:a:backclick:backclick:5.9.63

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-44007

Products

Pricing

Contact Us