Description
The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions.
Remediation
References