CVE-2008-4649

EUVD-2008-4629
Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
elxiselxis_cms
2008.1:revision_2204
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/0810-exploits/elxis-xss.txt
http://www.securityfocus.com/bid/31764
https://exchange.xforce.ibmcloud.com/vulnerabilities/45868
http://packetstormsecurity.org/0810-exploits/elxis-xss.txt
http://www.securityfocus.com/bid/31764
https://exchange.xforce.ibmcloud.com/vulnerabilities/45868