V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.03376
Percentile: 0.86855
CVSS Scoring
CVSS v3.1 Score: 9.8
Severity: CRITICAL
Mapped CWE(s)
CWE-565: Reliance on Cookies without Validation and Integrity Checking
All CAPEC(s)
CAPEC-226: Session Credential Falsification through Manipulation
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-39: Manipulating Opaque Client-based Data Tokens
CAPEC(s) with Mapped TTPs
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
Mapped TTPs: