SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | serene_bach | eq | <= 2.20r |
| | serene_bach | eq | 3.0 beta23 |
| | serene_bach | eq | 2.9.114 |
| | serene_bach | eq | 2.5.114 |
| | serene_bach | eq | 2.8.100 |
| | serene_bach | eq | 1.19.114 |
| | serene_bach | eq | 1.18.114 |