Arbitrary Remote Code Execution in NUUO CMS Versions 3.1 and Prior via Session ID Vulnerability

Arbitrary Remote Code Execution in NUUO CMS Versions 3.1 and Prior via Session ID Vulnerability

CVE-2018-17888 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.

Learn more about our Cms Pen Testing.