This could lead to information disclosure and session hijacking.

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.

A memory corruption issue was discovered in BACKCLICK Professional 5.9.63. It is possible for malicious users to launch a denial-of-service attack using a specially crafted file.

An issue was discovered in BACKCLICK Professional 5.9.63. It is possible for malicious users to execute remote code using a specially crafted file.

An issue was discovered in BACKCLICK Professional 5.9.63. It is possible for malicious users to obtain sensitive information about the system configuration via a specially crafted file.

An issue was discovered in BACKCLICK Professional 5.9.63. It is possible for malicious users to modify arbitrary files via a specially crafted file.

An issue was discovered in BACKCLICK Professional 5.9.63. It is possible for malicious

Products and versions affected

BACKCLICK Professional v5.9.63 and v5.8.64 are vulnerable to the issues described in this advisory. BACKCLICK Professional 5.7 and below are not affected.

Timeline

Published on: 11/16/2022 22:15:00 UTC
Last modified on: 11/21/2022 18:26:00 UTC

References