CVE-2018-17888

CVE-2018-17888

Vendor Nuuo
Product NUUO CMS
Weakness CWE-330 · Insufficient randomness
Published October 12, 2018
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.

Key dates

02Disclosure timeline

October 12, 2018 CVE published
September 17, 2024 Record updated