Insufficient Session Expiration in flatcore/flatcore-cms
Oct 14th 2021
The Cookie before & after user login doesn't change.
Proof of Concept
// PoC 1 Load new website in a new browser 2 Get cookie before login 3 Login to website 4 Get cookie after login Compare those 2 values
Through other attack methods such as XSS, the attacker can store the user's cookies and access them later.