CVE-2008-5964

Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
impresscmsimpresscms
𝑥
≤ 1.0.3
impresscmsimpresscms
1.0
impresscmsimpresscms
1.0.1
impresscmsimpresscms
1.0.2
impresscmsimpresscms
1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/50413
http://secunia.com/advisories/32985
http://sourceforge.net/forum/forum.php?forum_id=893767
http://wiki.impresscms.org/index.php?title=Change_Log#2008-12-2_:_1.1.1_RC
http://www.securityfocus.com/archive/1/498734/100/0/threaded
http://www.securityfocus.com/archive/1/498885/100/0/threaded
http://www.securityfocus.com/bid/32495
https://exchange.xforce.ibmcloud.com/vulnerabilities/46989
http://osvdb.org/50413
http://secunia.com/advisories/32985
http://sourceforge.net/forum/forum.php?forum_id=893767
http://wiki.impresscms.org/index.php?title=Change_Log#2008-12-2_:_1.1.1_RC
http://www.securityfocus.com/archive/1/498734/100/0/threaded
http://www.securityfocus.com/archive/1/498885/100/0/threaded
http://www.securityfocus.com/bid/32495
https://exchange.xforce.ibmcloud.com/vulnerabilities/46989