Vendor
Katalyst Koi versions before 4.20.0 and between 5.0.0 and 5.6.0 fail to invalidate admin session cookies upon logout, allowing attackers with a valid cookie to maintain unauthorized access.