CVE-2021-47721 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating ses…
High CVSS: 8.7

CVE-2021-47721

Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account.
Vendor
Orangescrum
Product
Orangescrum
CWE
CWE-639
Yayın Tarihi
2025-12-23 20:15:44
Güncelleme
2025-12-31 21:44:19
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-639 Orangescrum HIGH Orangescrum 2025

Referanslar

https://www.exploit-db.com/exploits/50551 https://www.orangescrum.org/ https://www.vulncheck.com/advisories/orangescrum-authenticated-privilege-escalation-via-user-session-manipulation