multi site security issue

I came across a significant vulnerability in how concrete5 handles session management. If I am an admin on one site, I can leverage my session key to access the other site's dashboard. It looks like the session controls only look at your privileges, not necessarily by site. To recreate this issue, you would just need to modify the path of the cookie.

Can you please help me out with this?
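The cookie `Path` attribute is enforced only by the browser, so the server has to tie each session to the site it was issued for. The following is an added PHP illustration of the privilege-only check described in the post beside a site-bound check; it is not concrete5 code, and every function name, session key and site identifier in it is hypothetical.

```php
<?php
// Added illustration, not concrete5 code. All names are hypothetical.

/** At login, store the issuing site in server-side session data. */
function login(array $session, int $userId, string $siteId, bool $isAdmin): array
{
    $session['user_id']  = $userId;
    $session['is_admin'] = $isAdmin;
    $session['site_id']  = $siteId; // binding lives on the server, not in the cookie path
    return $session;
}

/** Weak check: looks at the privilege only, never at which site granted it. */
function dashboard_allowed_weak(array $session): bool
{
    return !empty($session['is_admin']);
}

/** Site-bound check: the session must belong to the requested site, and the
 *  user must be an admin of that site according to server-side records. */
function dashboard_allowed_bound(array $session, string $requestSiteId, array $siteAdmins): bool
{
    if (!isset($session['user_id'], $session['site_id'])) {
        return false; // no authenticated session
    }
    if (!hash_equals($session['site_id'], $requestSiteId)) {
        return false; // session presented to a site other than its issuer
    }
    return in_array($session['user_id'], $siteAdmins[$requestSiteId] ?? [], true);
}

// Constructed sample data: user 7 administers site-a only.
$siteAdmins = ['site-a' => [7], 'site-b' => [12]];
$session    = login([], 7, 'site-a', true);

// The same session is evaluated for each site's dashboard.
foreach (['site-a', 'site-b'] as $site) {
    printf(
        "%s weak=%s bound=%s\n",
        $site,
        var_export(dashboard_allowed_weak($session), true),
        var_export(dashboard_allowed_bound($session, $site, $siteAdmins), true)
    );
}
```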