[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] Session Invalidation in Economizzer Allows Unauthorized Access After Logout
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] Session Invalidation in Economizzer Allows Unauthorized Access After Logout
- From: Ron E <ronaldjedgerson@xxxxxxxxx>
- Date: Tue, 6 May 2025 20:48:38 -0400
A session management vulnerability exists in gugoan's Economizzer
v.0.9-beta1. The application fails to properly invalidate user sessions
upon logout or other session termination events. As a result, a valid
session remains active and usable even after the user has attempted to log
out.
POST /web/category/create HTTP/2
Host: <host>
Cookie: _economizzerSessionId=<<REDACTED>>;
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/