Description

Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before 6.3, when contributed modules "terminate the current request during a login event," allows remote attackers to hijack web sessions via unknown vectors.

Remediation

References

CVE-2008-3222

Related Vulnerabilities

WordPress Plugin PixelYourSite-Facebook Pixel (Events, WooCommerce & Easy Digital Downloads) Multiple Unspecified Vulnerabilities (4.0.2)

WordPress Plugin Paid Membership, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content-ProfilePress Multiple Vulnerabilities (3.1.3)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11064)

MySQL CVE-2020-2895 Vulnerability (CVE-2020-2895)

WordPress Plugin CTA for WordPress-Easy Side Tab includes Backdoor [Only if downloaded via the vendor website] (1.0.7)

Severity

Medium

Classification

CVE-2008-3222 CWE-384

Tags

Missing Update Known Vulnerabilities