Stolichnayer/Summer-Pearl-Group-Insufficient-Session-Expiration
GitHub
Releases0
Summer Pearl Group's Vacation Rental Management Platform versions ≤ 1.0.1 contain an Insufficient Session Expiration vulnerability.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.5 MEDIUM | — | ||
Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions after a password change. This allows an attacker with a valid session token to maintain access to the account even after the legitimate user changes their password. | |||