提交 #749485: SourceCodester Prison Management System Using PHP V1.0 Session Fixiation信息

标题SourceCodester Prison Management System Using PHP V1.0 Session Fixiation
描述A critical session fixation vulnerability(/Admin/login.php) allows unauthenticated attackers to hijack administrator sessions: the app assigns a PHPSESSID to unauthenticated visitors accessing the login page and does not regenerate the session ID after successful admin authentication, enabling attackers to use a pre-obtained fixed PHPSESSID to induce an admin login and then reuse the same session ID to gain full administrative access, severely compromising the system's confidentiality, integrity and availability.
来源⚠️ https://github.com/hater-us/CVE/issues/10
用户
 Hater (UID 94862)
提交2026-01-30 21時15分 (3 月前)
管理2026-02-07 16時09分 (8 days later)
状态已接受
VulDB条目344880 [SourceCodester Prison Management System 1.0 Login 弱身份验证]
积分20

上一步一览下一步

Want to stay up to date on a daily basis?

Enable the mail alert feature now!