Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Product: Microweber
Product Version: 1.1.18
Vulnerability: No session expiry after log-out
The Microweber 1.1.18 session is not expiring after the session is logout and remains active.
Insufficient Session Expiration
Attack Type: Local
Due to this bug, there is no way for the victim to revoke access of the attacker if the account has been already compromised.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.