Submit #749485: SourceCodester Prison Management System Using PHP V1.0 Session Fixiationinfo

TitleSourceCodester Prison Management System Using PHP V1.0 Session Fixiation
DescriptionA critical session fixation vulnerability(/Admin/login.php) allows unauthenticated attackers to hijack administrator sessions: the app assigns a PHPSESSID to unauthenticated visitors accessing the login page and does not regenerate the session ID after successful admin authentication, enabling attackers to use a pre-obtained fixed PHPSESSID to induce an admin login and then reuse the same session ID to gain full administrative access, severely compromising the system's confidentiality, integrity and availability.
Source⚠️ https://github.com/hater-us/CVE/issues/10
User
 Hater (UID 94862)
Submission01/30/2026 21:15 (3 months ago)
Moderation02/07/2026 16:09 (8 days later)
StatusAccepted
VulDB entry344880 [SourceCodester Prison Management System 1.0 Login session fixiation]
Points20

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!