CVE-2018-18380
CVE-2018-18380 affects BigTree (Bigtree) CMS prior to 4.2.24. The admin.php flow accepts a user-supplied PHP session ID after login instead of regenerating a new one, enabling session hijacking (session fixation). Documents indicate this is fixed in 4.2.24; remediation is to upgrade to 4.2.24 or ...