Описание
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
Ссылки
- Vendor Advisory
- Patch
- Patch
- Vendor Advisory
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta10:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta11:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta4:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta5:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta6:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta7:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta8:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:beta9:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.0:final:*:*:*:*:*:*
cpe:2.3:a:phpfreechat:phpfreechat:1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00423
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
Session fixation vulnerability in phpFreeChat 1.1 allows remote authenticated users to hijack web sessions by setting the session_id parameter to match the victim's nickid parameter.
EPSS
Процентиль: 62%
0.00423
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-287