Session Fixation Vulnerability in ImpressCMS by Social
CVE-2008-5964

Currently unrated

Key Information:

Vendor

Impresscms

CVE Published:
23 January 2009

What is CVE-2008-5964?

A session fixation vulnerability in ImpressCMS versions before 1.1.1 RC1 allows attackers to hijack user sessions by manipulating the PHPSESSID parameter. By setting a predetermined session identifier, an attacker can force a legitimate user to unknowingly use that session ID, effectively taking control of the user's web session. This weakness poses significant risks: it can lead to unauthorized access to user accounts and sensitive information, compromising the integrity and confidentiality of the affected system.
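The standard defence against this class of flaw in a PHP application is to refuse session IDs the server did not issue and to issue a fresh ID at login. The following is an added example of that hardening in generic PHP, not ImpressCMS code and not the project's actual fix; `check_credentials()`, `login()`, the form field names and the demo account are hypothetical.

```php
<?php
// Added example: generic PHP session hardening, not taken from ImpressCMS.

// These must be set before session_start().
ini_set('session.use_only_cookies', '1'); // ignore a PHPSESSID passed in the URL or form body
ini_set('session.use_trans_sid', '0');    // never rewrite links to carry the session ID
ini_set('session.use_strict_mode', '1');  // reject IDs the server never issued (PHP >= 5.5.2)
ini_set('session.cookie_httponly', '1');  // keep the cookie out of reach of page scripts

session_start();

// Hypothetical credential check against a constructed demo account.
// A real application would look the user up in its own user store.
function check_credentials(string $user, string $pass): bool
{
    $demoHash = password_hash('correct horse', PASSWORD_DEFAULT); // constructed value
    return hash_equals('demo', $user) && password_verify($pass, $demoHash);
}

// Hypothetical login routine showing the core mitigation.
function login(string $user, string $pass): bool
{
    if (!check_credentials($user, $pass)) {
        return false;
    }
    // Issue a new session ID at the privilege change and delete the old
    // session, so an ID that was known before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION = ['user' => $user, 'authenticated_at' => time()];
    return true;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = login((string)($_POST['user'] ?? ''), (string)($_POST['pass'] ?? ''));
    http_response_code($ok ? 200 : 401);
    echo $ok ? "logged in\n" : "login failed\n";
}
```

With these settings a pre-set PHPSESSID supplied in a link is ignored, and any ID held before authentication no longer maps to the authenticated session.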

Timeline

  • Vulnerability published

  • Vulnerability Reserved
