CVE-2022-23063 HIGH

CVE-2022-23063: Shopizer - Insufficient Session Expiration

Vendor: Shopizer-Ecommerce
Product: Shopizer
Weakness: CWE-613 · Insufficient session expiration
Published: May 3, 2022
Last update: September 16, 2024

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user who was already logged in will still have access to the application even after the password was changed.

Key dates

02 Disclosure timeline

May 3, 2022: CVE published
September 16, 2024: Record updated