Skip to main content

Http CVE-2018-25160

MEDIUM
Improper Input Validation (CWE-20)
2026-02-27 9b29abf9-4ab0-4765-b253-1875cd9b441e
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
CVE Published
Feb 27, 2026 - 21:16 nvd
MEDIUM 6.5

DescriptionCVE.org

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend.

For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject memcached commands in the session id value.

AnalysisAI

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend. [CVSS 6.5 MEDIUM]

Technical ContextAI

Classified as CWE-20 (Improper Input Validation). Affects Session2. HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabling code injection or other impact depending on session backend.

For example, if an application uses memcached for session storage, then it may be possible for a remote attacker to inject memcached commands in the session id value.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2018-25160 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy