CVE-2022-44007

HIGH

BACKCLICK Professional <5.9.63 - Privilege Escalation

Title source: llm

Description

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.

References (2)

[Exploit, Third Party Advisory] https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-036.txt

[Third Party Advisory] https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037

Scores

CVSS v3 8.8

EPSS 0.0038

EPSS Percentile 59.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-384

Status published

Products (1)

backclick/backclick 5.9.63

Published Nov 16, 2022

Tracked Since Feb 18, 2026