Session Replay Vulnerability in PHP-Fusion by PHP-Fusion
CVE-2020-23178

5.4 MEDIUM

Key Information:

Vendor: PHP-Fusion

CVE Published: 2 July 2021

What is CVE-2020-23178?

PHP-Fusion 9.03.50 is affected by a security flaw where session cookies are not removed after a user logs out. This oversight can be exploited by attackers to execute session replay attacks, allowing them to impersonate legitimate users and gain unauthorized access to sensitive information. It is crucial for users of this application to implement immediate mitigations to ensure the integrity and confidentiality of their sessions.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
