CVE-2008-5964

EUVD-2008-5934
Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
impresscmsimpresscms
𝑥
≤ 1.0.3
impresscmsimpresscms
1.0
impresscmsimpresscms
1.0.1
impresscmsimpresscms
1.0.2
impresscmsimpresscms
1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/50413
http://secunia.com/advisories/32985
http://sourceforge.net/forum/forum.php?forum_id=893767
http://wiki.impresscms.org/index.php?title=Change_Log#2008-12-2_:_1.1.1_RC
http://www.securityfocus.com/archive/1/498734/100/0/threaded
http://www.securityfocus.com/archive/1/498885/100/0/threaded
http://www.securityfocus.com/bid/32495
https://exchange.xforce.ibmcloud.com/vulnerabilities/46989
http://osvdb.org/50413
http://secunia.com/advisories/32985
http://sourceforge.net/forum/forum.php?forum_id=893767
http://wiki.impresscms.org/index.php?title=Change_Log#2008-12-2_:_1.1.1_RC
http://www.securityfocus.com/archive/1/498734/100/0/threaded
http://www.securityfocus.com/archive/1/498885/100/0/threaded
http://www.securityfocus.com/bid/32495
https://exchange.xforce.ibmcloud.com/vulnerabilities/46989