CVE-2008-4649

Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
elxiselxis_cms
2008.1:revision_2204
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/0810-exploits/elxis-xss.txt
http://www.securityfocus.com/bid/31764
https://exchange.xforce.ibmcloud.com/vulnerabilities/45868
http://packetstormsecurity.org/0810-exploits/elxis-xss.txt
http://www.securityfocus.com/bid/31764
https://exchange.xforce.ibmcloud.com/vulnerabilities/45868