CVE-2022-44007

HIGH

BACKCLICK Professional <5.9.63 - Privilege Escalation

Title source: llm

Description

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-036.txt

Third Party Advisory

https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037

Scores

CVSS v3 8.8

EPSS 0.0080

EPSS Percentile 51.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-384

Status published

Products (1)

backclick/backclick 5.9.63

Published Nov 16, 2022

Tracked Since Feb 18, 2026