Description
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.
References
- Patch, Third Party Advisory
- Patch
- Release Notes
Vulnerable configurations
Configuration 1: versions before 4.2.24 (excluding)
cpe:2.3:a:bigtreecms:bigtree_cms:*:*:*:*:*:*:*:*
EPSS
Percentile: 46%
Score: 0.00236
Low
CVSS3: 5.4 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-384 (Session Fixation)
Related vulnerabilities
CVSS3: 5.4
github
more than 3 years ago
A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The Session Fixation could allow an attacker to hijack an admin session.
EPSS
Percentile: 46%
Score: 0.00236
Low
CVSS3: 5.4 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-384 (Session Fixation)