Description

Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier.

Remediation

References

CVE-2006-1228

Related Vulnerabilities

WordPress Plugin Music Store Unspecified Vulnerability (1.0.20)

WordPress Plugin Twitter Friends Widget Cross-Site Scripting (3.1)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-42117)

Moodle Other Vulnerability (CVE-2006-6625)

WordPress Plugin Helpful Security Bypass (4.5.14)

Severity

Medium

Classification

CVE-2006-1228 CWE-287

Tags

Missing Update Known Vulnerabilities