CVE-2023-6144 Information

Description

Dev blog v1.0 allows to exploit an account takeover through the �ser\ cookie. With this an attacker can access any user’s session just by knowing their username.

Reference

https://fluidattacks.com/advisories/almighty/ https://github.com/Armanidrisi/devblog/