Отправить #749485: SourceCodester Prison Management System Using PHP V1.0 Session FixiationИнформация

НазваниеSourceCodester Prison Management System Using PHP V1.0 Session Fixiation
ОписаниеA critical session fixation vulnerability(/Admin/login.php) allows unauthenticated attackers to hijack administrator sessions: the app assigns a PHPSESSID to unauthenticated visitors accessing the login page and does not regenerate the session ID after successful admin authentication, enabling attackers to use a pre-obtained fixed PHPSESSID to induce an admin login and then reuse the same session ID to gain full administrative access, severely compromising the system's confidentiality, integrity and availability.
Источник⚠️ https://github.com/hater-us/CVE/issues/10
Пользователь
 Hater (UID 94862)
Представление30.01.2026 21:15 (3 месяцы назад)
Модерация07.02.2026 16:09 (8 days later)
Статуспринято
Запись VulDB344880 [SourceCodester Prison Management System 1.0 Login слабая аутентификация]
Баллы20

ПредыдущийОбзорДалее

Do you know our Splunk app?

Download it now for free!