Description
cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Sooel Son · textwebappsphp
https://www.exploit-db.com/exploits/38015
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/79926
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html
Scores
EPSS
0.0725
EPSS Percentile
91.7%
Details
CWE
CWE-287
Status
published
Products (1)
awcm-cms/ar_web_content_manager
2.2
Published
Nov 26, 2012
Tracked Since
Feb 18, 2026