Soumettre #749485: SourceCodester Prison Management System Using PHP V1.0 Session Fixiationinformation

TitreSourceCodester Prison Management System Using PHP V1.0 Session Fixiation
DescriptionA critical session fixation vulnerability(/Admin/login.php) allows unauthenticated attackers to hijack administrator sessions: the app assigns a PHPSESSID to unauthenticated visitors accessing the login page and does not regenerate the session ID after successful admin authentication, enabling attackers to use a pre-obtained fixed PHPSESSID to induce an admin login and then reuse the same session ID to gain full administrative access, severely compromising the system's confidentiality, integrity and availability.
La source⚠️ https://github.com/hater-us/CVE/issues/10
Utilisateur
 Hater (UID 94862)
Soumission30/01/2026 21:15 (il y a 3 mois)
Modérer07/02/2026 16:09 (8 days later)
StatutAccepté
Entrée VulDB344880 [SourceCodester Prison Management System 1.0 Login authentification faible]
Points20

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!