CVE-2014-8391

Sendio < 7.2.3 - Information Disclosure

Title source: rule

Description

The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappsjsp

https://www.exploit-db.com/exploits/37114

View Code ZIP pw:eip

References (5)

[Exploit] http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html

[Exploit] http://seclists.org/fulldisclosure/2015/May/95

[Vendor Advisory] http://www.sendio.com/software-release-history/

[Exploit] https://www.exploit-db.com/exploits/37114/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/535592/100/0/threaded

Scores

EPSS 0.0974

EPSS Percentile 92.8%

Classification

CWE

CWE-200

Status draft

Affected Products (1)

sendio/sendio < 7.2.3

Timeline

Published Jun 02, 2015

Tracked Since Feb 18, 2026