6 matches found
CVE-2022-24444
Silverstripe silverstripe/framework through 4.10 allows Session Fixation...
CVE-2022-24444
creationtimestamp| type| source ---|---|--- 2022-06-29 02:36:24+00:00| seen| https://t.me/cibsecurity/45340...
CVE-2022-24444
Silverstripe silverstripe/framework through 4.10 allows Session Fixation...
CVE-2022-24444
Silverstripe silverstripe/framework through 4.10 allows Session Fixation...
CVE-2022-24444
CVE-2022-24444 affects Silverstripe framework versions 4.10 and earlier. The issue is a session-fixation vulnerability involving the hybridsessions module when the session-manager module is not installed and session IDs are saved to disk; unexpired SessionIDs of logged-out users can still be used...
CVE-2022-24444: Hybridsessions does not expire session id on logout
More info at https://www.silverstripe.org/download/security-releases/cve-2022-24444...