CVE-2024-10718

High

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent…

@huntr_ai·CWE-614·Published 2025-03-20

CVSS

7.5

EPSS

0.00

KEV

Exploits

cve.orgen

276 chars

In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0.

NVDen

276 chars

NVDes

323 chars

En la versión 1.5.1 de phpipam/phpipam, el atributo "Secure" para cookies sensibles en sesiones HTTPS no está configurado. Esto podría provocar que el agente de usuario envíe dichas cookies en texto plano a través de una sesión HTTP, lo que podría exponer información sensible. El problema se solucionó en la versión 1.7.0.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.0	Primary	cve.org	5.3	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.0	Primary	cve.org	5.3	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N