| Title | Zenario CMS 9.3.57595 has Session Fixation vulnerability |
|---|
| Description | Description: In Zenario CMS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after user logout and login again into the application when "Remember me" option active. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with.
The product(s): https://zenar.io
Affected product(s)/code base: https://github.com/TribalSystems/Zenario
Affected component(s): /Zenario-9.3.57595/zenario/admin/welcome.ajax.php
Tested version: Zenario-9.3.57595 |
|---|
| Source | ⚠️ https://github.com/lithonn/bug-report/tree/main/vendors/tribalsystems/zenario/session-fixation |
|---|
| User | leecybersec (UID 36724) |
|---|
| Submission | 11/30/2022 09:02 (4 years ago) |
|---|
| Moderation | 11/30/2022 11:45 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 214589 [Tribal Systems Zenario CMS 9.3.57595 Remember Me session fixiation] |
|---|
| Points | 20 |
|---|